A hacker claims to have stolen one billion Chinese citizens' personal data after hacking a database belonging to the Shanghai Police.
If true, experts call this hack one of the biggest personal data leaks in history.
This data leak information comes from a post by someone with the name ChinaDan on the Breach Forums forum. On the forum he sold 24TB of data at a price of 10 bitcoins, or around USD 200 thousand.
"In 2022, the Shanghai National Police database leaked. This database contains a lot of data and information on billions of Chinese citizens," he wrote in the post.
"The database contains information from one billion Chinese citizens and several billion case records, including: names, addresses, places of birth, identity numbers, mobile phone numbers, all criminal cases."
The Shanghai government and local police have not commented on the case.
This post became the talk of the social media network Weibo and WeChat, and many users were worried that the data might actually be leaked. Even the keyword 'data leak' was blocked on Weibo.
According to Kendra Schaefer, head of tech policy research at consulting firm Trivium, if the leaked data came from the Ministry of Public Security, it would be very bad.
"What is clear is that this will be the biggest and most severe data leak in history," he said.
Even Binance CEO Zhao Changpeng immediately tightened the user verification process, which was carried out after his cyber threat intelligence team detected a sale of resident data from an Asian country -- without mentioning China.
Through his Twitter account, the man who is better known as CZ said the leak could have occurred because of a loophole in the ElasticSearch system used by a government agency, again without mentioning that it was a hacking case of the Shanghai Police.
Then he again mentioned that this attack occurred because a government developer wrote a technology blog on CSDN and accidentally entered his credentials there. The CSDN referred to by CZ is the China Software Developer Network.
However, CZ's statement was quickly dismissed by Elastic, the company that made ElasticSearch, who said that his party was not the cause of the data leak.