TECH NEWS – A government developer made the biggest data hack in history possible by leaving the information needed to access a database in an old blog post…
HotHardware reported that the data of one billion Chinese citizens was obtained from the Shanghai National Police database and was being offered for sale for ten bitcoins. The post, however, has since disappeared from the Breach Forums pages, which could mean one of two things: either it was all a hoax, or accurate data on Chinese people fell into unauthorized hands…
Two people from the Wall Street Journal, Karen Hao and Rachel Liang, looked into the sample of 750,000 people and called some of them. The database listed the names, addresses, birthdays, ID numbers, possible criminal offences and phone numbers of the individuals. The two journalists thought it was all a hoax, but one of the victims responded with a saying used in China, “We are all running naked”, which refers to the lack of privacy.
Hao wrote on Twitter that nine of the dozens of people they called answered the phone and confirmed their leaked details. Hao added, “I was truly stunned when the first person picked up—I believed the whole thing to be fake. By the third, I was shaking—both from the nerves of trying to explain why I had their extremely private information and the weight of realizing what this leak could mean for so many.”
Many numbers were no longer in use, which is natural because users in China often change numbers. It is interesting, though, that the seller asked for only ten bitcoins, worth about $200,000. That’s not much for a database of that size! Zhao Changpeng, CEO of Binance (a cryptocurrency trading company), also posted a tweet: according to him, their threat detector noticed the sale on the dark web. As a result, their security has improved. The source, according to him, is a government developer who wrote for a tech blog and left the credentials needed to access the database in code he published in 2020.
Following the leak, another post on Breach Forums, allegedly written by a Chinese police officer, promised further police database dumps “inspired by the recent Shanghai event”: a 2016 database was published as a “meeting gift”. Breach Forums is the spiritual successor to RaidForums, which was dismantled in a joint international operation in which the site’s founder and main admin, Diogo Santos Coelho, was arrested and charged in the UK.