Hacker Alleges to Steal Data from Chinese Citizens
Industry: Government | Level: Strategic | Source: BleepingComputer
A potential data leak from the Shanghai National Police (SHGA) database, led to an anonymous hacker using the handle "ChinaDan," on a hacking forum to sell data of approximately 1 billion Chinese citizens. Based on the post the data contains names, birthplaces, addresses, national ID and mobile numbers, and any criminal records. The hacker also shared the data was exfiltrated from Alibaba Cloud. The threat intelligence team of the cryptocurrency exchange company Binance investigated the matter and speculates the exposure was due to an open ElasticSearch database. Binance CEO, Zhao Changpeng, weighed in on the incident stating, "apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials." Wall Street Journal reporter Karen Hao, has communicated with citizens who have been impacted by the breach and verified the authenticity of the information. The data is significant as stated Hao "At this point, it's impossible to confirm the scale of the data leak, but five of the people who picked up verified all of the case details listed with their name — information that would be difficult to obtain from any source other than the police."