A hacker claims to have obtained a trove of personal information on one billion Chinese citizens from the Shanghai police, which, if true, would be one of the largest data breaches in history, according to tech experts.
Last week, an anonymous internet user identified as “ChinaDan” posted on the hacker forum Breach Forums offering to sell more than 23 terabytes (TB) of data for 10 bitcoin, roughly $200,000.
“The Shanghai National Police (SHGA) database was launched in 2022.”
“Databases contain information on 1 Billion Chinese national residents and several billion case records, including name, address, birthplace, national ID number, mobile number, all crime/case details.”
Reuters was unable to verify the authenticity of the post.
The Shanghai government and police department did not respond to requests for comment on Monday.
Reuters was also unable to reach the self-proclaimed hacker, ChinaDan, but the post was widely discussed on China’s Weibo and WeChat social media platforms over the weekend with many users worried it could be real.
The hashtag “data leak” was blocked on Weibo on Sunday afternoon.
Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China, said in a post on Twitter it was “hard to parse truth from rumor mill”.
If the hacker’s claimed material came from the Ministry of Public Security, it would be bad for “a number of reasons,” according to Schaefer.
“Obviously, it would be one of the largest and worst breaches in history,” she said.
Binance CEO Zhao Changpeng announced on Monday that the cryptocurrency exchange had increased user verification processes after the exchange’s threat intelligence detected the sale of records belonging to 1 billion Asian residents on the dark web.
He stated on Twitter that a leak could have occurred as a result of “a bug in an Elastic Search deployment by a (government) agency,” but did not specify whether he was referring to the Shanghai police case. He did not respond immediately to a request for additional comment.
The claim of a hack comes as China has vowed to improve protection of online user data privacy, instructing its tech giants to ensure safer storage after public complaints about mismanagement and misuse.
Last year, China passed new laws governing how personal information and data generated within its borders should be handled.