Various online sources report that the biggest data breach in history happened in China. A hacker is trying to sell sensitive personal information, leaked from a government agency, that belongs to more than a billion people. It includes names, addresses, national ID numbers, mobile phone numbers, and police and medical records. More than 23 TB of personal data is claimed to have been stolen from the Shanghai Police Department.
1 billion resident records
Changpeng Zhao, CEO of Binance, stated that the company's threat intelligence team detected 1 billion residents' records for sale on the dark web. According to Zhao, the leak was likely caused by a bug in an Elasticsearch deployment by a government agency. Although Zhao doesn't name the country, it is expected to be China.
Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …
— CZ 🔶 Binance (@cz_binance) July 3, 2022
The hacker is asking 10 bitcoins for the stolen data, which is currently approximately $200,000. The threat actor, ChinaDan, claims that the data was exfiltrated from a local private cloud provided by Alibaba Cloud, which is also a part of the police network in China. On a hacker forum, the hacker said:
« In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens. Databases contain information on 1 Billion Chinese national residents and several billion case records, including: Name, Address, Birthplace, National ID Number, Mobile number, All Crime / Case details. »