Hackers say they got a lot of information about 1 billion Chinese people from a police database in Shanghai. If this is true, it could be one of history’s most significant data leaks.
The data includes names, addresses, national identification numbers, mobile phone numbers, and case details from the Shanghai National Police database.
The Associated Press could not check immediately to see if the data samples were actual. When asked for a comment, the Shanghai police did not answer right away.
At first, Chinese social media sites like Weibo talked about the data leak. But after a while, You could no longer do a search for “Shanghai data leak.”
One person said they were doubtful until they tried to find people on Alipay using their personal information leaked online.
“Everyone, please be careful in case there are more phone scams in the future!” they said in a Weibo post.
Another person said on Weibo that the leak means everyone is “running naked,”. A slang for having no privacy and a “horrifying” situation.
‘Embarrassing to the Chinese government’
Experts said that if the breach is true, it would be the biggest one so far.
Kendra Schaefer, partner and head of technology at policy research firm Trivium China gave her opinion on Twitter. She said in a tweet that it’s “hard to parse truth from the rumor mill, but can confirm file exists.”
Michael Gazeley, the managing director of Hong Kong-based security company Network Box, says this kind of data leak is pretty common.
“There are approximately 12 billion compromised accounts posted on the Dark Web right now. That’s more than the total number of people in the world,” he said. He also added that most data leaks come from the US.
Chester Wisniewski, a principal research scientist at the cybersecurity company Sophos, said that this incident is “extremely embarrassing” for the Chinese government and they might suffer huge political damage.
He said that most of the information is similar to what banner ad companies would have.
“When you’re talking about a billion people’s information and it’s static information, it’s not about where they traveled, who they communicated with or what they were doing, then it becomes very much less interesting,” Wisniewski said.
Still, once hackers get information and put it online, we can’t get rid of that.
“The information, once it’s unleashed, is forever out there,” Wisniewski said. “So if someone believes their information was part of this attack, they have to assume it is forever available to anyone and they should be taking precautions to protect themselves.”
A Cryptocurrency Exchange Taking Necessary Steps
A major cryptocurrency exchange said it had stepped up its verification processes to protect against fraud attempts like using people’s personal information from the reported hack to take over their accounts.
Zhao Changpeng, the CEO of Binance, a cryptocurrency exchange, said in a tweet on Monday that the company’s threat intelligence department had found the sale of “1 billion resident records.”
“This has impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.” Zhao wrote in his tweets that Binance had already taken more steps to verify accounts.
In 2020, people thought that Russian hackers were behind a big cyberattack that hurt a number of US government agencies. It includes the State Department, the Department of Homeland Security, telecommunications companies, and defense contractors.
More than 533 million Facebook users’ personal information was put on a hacking forum last year. This happened because hackers could leak Facebook data because of a security flaw. Since then, Facebook solved this problem.