China police

Image: Xiangkun ZHU/BleepingComputer

An anonymous threat actor is selling several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000).

The announcement was posted on a hacker forum by someone using the handle ‘ChinaDan,’ saying that the information was leaked from the Shanghai National Police (SHGA) database.

Based on the information they shared regarding the allegedly stolen data, the databases contain Chinese national residents’ names, addresses, national ID numbers, contact info numbers, and several billion criminal records.

ChinaDan also shared a sample with 750,000 records containing delivery info, ID information, and police call records. These records would allow interested buyers to verify that the data for sale is not fake.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens,” the threat actor said in his post last week.

“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: Name, Address, Birthplace, National ID Number, Mobile number, All Crime / Case details.”

The threat actor confirmed the data was exfiltrated from a local private cloud provided by Aliyun (Alibaba Cloud), part of the Chinese police network (aka public security network).

ChinaDan BreachForums post
Image: BleepingComputer

​On Sunday, Binance CEO Zhao Changpeng confirmed that his company’s threat intelligence experts spotted ChinaDan’s claims and said that the leak was likely due to an ElasticSearch database that a Chinese government agency accidentally exposed online.

“Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency,” Zhao said.

“This has impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.”

Zhao later added that “apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.”

Wall Street Journal reporter Karen Hao reached out to dozens of people who had their data allegedly stolen in the breach and said that some of them confirmed all the info available in the leaked sample.

“At this point, it’s impossible to confirm the scale of the data leak, but five of the people who picked up verified all of the case details listed with their name — information that would would be difficult to obtain from any source other than the police,” Hao said

“The other four confirmed basic information like their names before hanging up.”

If ChinaDan’s claims are proven to be accurate, this would be the most significant data breach ever impacting China and one of the largest in history.

Source: www.bleepingcomputer.com