The hacking of the personal information of around 1 billion Chinese citizens occurred recently. An unidentified hacker on a handle named Chinadan advertised the sale of 23 gigabytes of data for 10 Bitcoin, or $200,000. It contains personal information about Chinese citizens, including names, home addresses, criminal records, ID numbers, and phone numbers.
In some instances, information on a person’s job, marital status, ethnicity, and educational level, could also be found. These were reportedly stolen from the databases of the Shanghai National Police. According to reports, this is one of history’s most prominent data breaches.
Many experts in the field of cryptography believed the hacker’s claim that the data was accurate with skepticism due to its size and the potential impact it could have. But to show how significant the breach was, the hacker publicized some of the data on the internet. The hacking claim comes at a time when China has committed to strengthening the security of internet user privacy. It has ordered its tech titans to ensure safer storage in response to widespread complaints about improper handling and abuse.
Information Security Media Group could not verify the validity of the exposed data. However, as per information from Bleeping Computer, ChinaDan also offered a sample with 750,000 records that included ID information and logs of police calls. It claims that this sample enables potential buyers to confirm the information.
After hearing about the attack’s possible causes, Chinese security professionals reacted furiously. The size of the breach and the severity of the leaked data, including information about criminal activity, has alarmed security experts. Many TB of data and information about billions of Chinese residents are there in Shanghai National Police (SHGA) database. However, the Shanghai police have not yet issued any official statements.
Regulations in China
Many data leak events have occurred in China in recent years. Sensitive information on influential Chinese people, including Jack Ma, the founder of Alibaba, got published on Twitter in 2016. These instances concerned the Chinese authorities. China approved legislation governing handling personal data and data generated within its borders last year.
As per Kendra Schaefer, China enacted the Personal Information Protection Law that came last year compels governmental entities to safeguard residents’ personal information. He is the head of tech policy research at the Beijing-based consultancy Trivium China. Besides, the data purportedly include information from kids’ case files, which would be illegal under the Minor Protection Law.
Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …— CZ 🔶 Binance (@cz_binance) July 3, 2022
Zhao Changpeng, Binance CEO, stated that this incident may have happened due to a government agency’s problem with an Elastic Search deployment. Another reason could be that the government developer unintentionally included the credentials in a tech blog on CSDN. Moreover, he also suggested that all platforms must strengthen their security protocols in this area. He added that Binance has already accelerated verifications for users affected by the hack.
Overall, the Chinese government has made eminent efforts over the past several years to tighten rules over a lax industry. This sector has significantly aided in the rise of online fraud. But, the focus of these regulations has been on businesses in the technology sector. The government is often exempted from strict restrictions and sanctions. However, the government itself has always had trouble securing the data it collects from its citizens.