IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers claim to steal personal data of over a billion people in China

The attackers have reportedly offered to sell over 23 terabytes of data for 10 bitcoin

Hackers have reportedly stolen the data of around one billion Chinese citizens from a Shanghai police database, in what experts are calling the largest cyber security breach in the country's history.

The unidentified attackers, who have claimed they are responsible for the attack, have offered to sell over 23 terabytes of stolen data, as reported by Bloomberg.

This includes names, addresses, birthplaces, national IDs, phone numbers and criminal case information, the attackers revealed in an anonymous post on an online forum last week. The hackers were also asking for 10 bitcoin, worth around $190,000 (£159,500).

Zhao Changpen, founder and CEO of Binance, tweeted today that the company detected a breach of one billion resident records for sale on the dark web from one Asian country, although didn’t specify which country. He said that this was likely due to a bug in an ElasticSearch deployment by a government agency. As a result, Binance has increased its security verification procedures for users who have been affected.

Shanghai authorities and the Cyberspace Administration of China haven’t responded to the alleged hack so far.

The US and other nations around the world have identified China in the past as one of the world’s biggest sources of cyber criminals. New Zealand, for example, claimed in July 2021 that there were links between Chinese state-sponsored actors APT40 and malicious cyber activity in the country.

Domestic breaches in China are rarely disclosed, due to a lack of transparent reporting mechanisms. The information of dozens of Communist Party officials and industry figures like Jack Ma was said to have been exposed on Twitter in 2016, considered to be one of China’s biggest online leaks of sensitive information at the time. This was followed in 2020 by hackers claiming to have stolen account information for over 538 million users of Weibo. This year, a rights group claimed that tens of thousands of hacked files from the Xinjiang region provided evidence of the abuse of mostly Muslim ethnic Uyghurs.

It remains unclear how the attackers gained access to the Shanghai police servers, although online cyber security experts have predicted it might have been through the breach of a third-party cloud infrastructure partner. The country’s biggest external cloud services are provided by Alibaba, Tencent, and Huawei.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Google announces new cloud regions in Asia Pacific
cloud computing

Google announces new cloud regions in Asia Pacific

10 Aug 2022
South Korean public sector organisations targeted by Gwisin ransomware
ransomware

South Korean public sector organisations targeted by Gwisin ransomware

8 Aug 2022
APAC region to lose 63 million jobs to automation by 2040
automation

APAC region to lose 63 million jobs to automation by 2040

8 Aug 2022
Cyber attacks rain on Taiwan during Pelosi visit
cyber warfare

Cyber attacks rain on Taiwan during Pelosi visit

5 Aug 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022