Skip to main content

Hacker steals 1 billion people’s records in unprecedented data breach

An anonymous hacker has stated that he has successfully infiltrated the Shanghai police department’s database. In doing so, he apparently extracted personal information of a staggering one billion Chinese citizens.

The individual, ‘ChinaDan’, took sole responsibility for the data breach. As reported by Reuters and PCMag, he detailed the incident on hacker forum Breach Forums.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

He’s currently offering the huge amount of information for 10 Bitcoins, which would translate to around $200,000 at current rates. The aforementioned data is said to equal 23 terabytes (TB) in size.

Dan said he obtained the files containing the names, addresses, and mobile numbers from the Shanghai National Police (SHGA) database.

He also reportedly managed to gain access and retrieve the birthplaces, national ID numbers, and every single crime case related to the one billion citizens, all of whom are based primarily in China.

Currently, Reuters wasn’t able to confirm whether the claim of the post is indeed real. The Shanghai government and its police department have yet to comment on the situation since it materialized earlier this week.

That said, Zhao Changpeng, CEO of popular cryptocurrency exchange Binance, confirmed that the company has intensified its user verification processes. Why? Its threat intelligence arm detected that these records are now being sold on the dark web.

The leak could be attributed to “a bug in an Elastic Search deployment by a (government) agency, he detailed in a tweet. “This has impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.”

​​He continued that “apparently, this exploit happened because the gov developer wrote a tech blog on CSDN [the China Software Developer Network] and accidentally included the credentials.”

A large monitor displaying a security hacking breach warning.
Stock Depot / Getty Images

Kendra Schaefer, the head of tech policy research at consultancy Trivium China, said that if the data was actually obtained via the Ministry of Public Security, it would naturally be bad for “a number of reasons. Most obviously it would be among [the] biggest and worst breaches in history,” she said.

Indeed, if the claim from the hacker is ultimately verified, then the cyber incident would rank as probably the largest data breach in history.

The post from ChinaDan itself is already generating a considerable amount of discussion on Chinese social media platform Weibo, as well WeChat throughout the weekend. In fact, the hashtag “data leak” was blocked on Weibo by Sunday afternoon, according to Reuters.

Elsewhere, an underground online marketplace that sold the personal details of around 24 million U.S. citizens was recently shut down. The service’s profits, meanwhile, far exceeds Dan’s $200,000 asking price — since April 2015, blockchain analysis company Chainalysis confirmed that it found $22 million in Bitcoin transactions retrieved by SSNDOB.

2022 has undoubtedly been a busy year for hackers in general. There have been a number of unprecedented situations related to the hacking scene, ranging from various shutdowns such as the largest dark web marketplace being taken offline, to Microsoft launching its own cybersecurity initiative to combat the sheer rise in cybercrime.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Is ChatGPT creating a cybersecurity nightmare? We asked the experts
A person's hand holding a smartphone. The smartphone is showing the website for the ChatGPT generative AI.

ChatGPT feels pretty inescapable right now, with stories marveling at its abilities seemingly everywhere you look. We’ve seen how it can write music, render 3D animations, and compose music. If you can think of it, ChatGPT can probably take a shot at it.

And that’s exactly the problem. There's all manner of hand-wringing in the tech community right now, with commenters frequently worrying that AI is about to lead to a malware apocalypse with even the most green-fingered hackers conjuring up unstoppable trojans and ransomware.

Read more
Hackers may have stolen the master key to another password manager
keepass master password plain text vulnerability open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more