Hacker steals 1 billion people’s records in unprecedented data breach

An anonymous hacker has stated that he has successfully infiltrated the Shanghai police department’s database. In doing so, he apparently extracted personal information of a staggering one billion Chinese citizens.

The individual, ‘ChinaDan’, took sole responsibility for the data breach. As reported by Reuters and PCMag, he detailed the incident on hacker forum Breach Forums.

He’s currently offering the huge amount of information for 10 Bitcoins, which would translate to around $200,000 at current rates. The aforementioned data is said to equal 23 terabytes (TB) in size.

Dan said he obtained the files containing the names, addresses, and mobile numbers from the Shanghai National Police (SHGA) database.

He also reportedly managed to gain access and retrieve the birthplaces, national ID numbers, and every single crime case related to the one billion citizens, all of whom are based primarily in China.

Reuters has so far been unable to confirm whether the post’s claim is genuine. The Shanghai government and its police department have yet to comment on the situation since it materialized earlier this week.

That said, Zhao Changpeng, CEO of popular cryptocurrency exchange Binance, confirmed that the company has intensified its user verification processes. Why? Its threat intelligence arm detected that these records are now being sold on the dark web.

The leak could be attributed to “a bug in an Elastic Search deployment by a (government) agency,” he detailed in a tweet. “This has impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.”

He continued that “apparently, this exploit happened because the gov developer wrote a tech blog on CSDN [the China Software Developer Network] and accidentally included the credentials.”

Kendra Schaefer, the head of tech policy research at consultancy Trivium China, said that if the data was actually obtained via the Ministry of Public Security, it would naturally be bad for “a number of reasons. Most obviously it would be among [the] biggest and worst breaches in history,” she said.

Indeed, if the claim from the hacker is ultimately verified, then the cyber incident would rank as probably the largest data breach in history.

The post from ChinaDan itself generated a considerable amount of discussion on Chinese social media platform Weibo, as well as on WeChat, throughout the weekend. In fact, the hashtag “data leak” was blocked on Weibo by Sunday afternoon, according to Reuters.

Elsewhere, SSNDOB, an underground online marketplace that sold the personal details of around 24 million U.S. citizens, was recently shut down. The service’s profits, meanwhile, far exceed Dan’s $200,000 asking price: blockchain analysis company Chainalysis confirmed that it found $22 million in Bitcoin transactions received by SSNDOB since April 2015.

2022 has undoubtedly been a busy year for hackers in general. There have been a number of unprecedented situations related to the hacking scene, ranging from various shutdowns such as the largest dark web marketplace being taken offline, to Microsoft launching its own cybersecurity initiative to combat the sheer rise in cybercrime.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…