A hacker is selling a huge Shanghai police database that he says contains sensitive information about about a billion Chinese residents – including names, addresses, dates of birth as well as reports about crimes and incidents.
The hacker, who goes by the name “ChinaDan”, says that the database also contains photos used in official documents or taken by facial recognition systems.
If the claim is true, it would turn out to be one of the largest data breaches in history, especially given the nature and extent of personal information. The asking price for the database is 10 bitcoins – worth around £169,000 at the time of publication.
“In 2022, the database of the Shanghai National Police (SHGA) was leaked. This database contains many [terabytes] data and information about Billions of Chinese citizens”, ChinaDan posted on Breach Forum, a forum about hacking.
“The database contains information about 1 Billion residents of Chinese nationality and billions of case files, including: name, address, place of birth, national ID number, mobile phone number, all details of the crime/case.”
Some of the information posted as a sample appears to be accurate – the Wall Street Journal and AFP contacted some of the people included in the sample who verified sensitive personal information.
Chinese authorities have not commented publicly on the breach. Search terms related to it, including “data leak”, have been censored on Chinese social media.
The Chinese government regularly collects a dizzying array of data about its citizens, such as when they take trains and planes or check into hotels, and CCTV coverage in some places is widespread. variable. Beijing police have said since 2015 that “every corner” of the city is under video surveillance. Many of those cameras have facial recognition capabilities.
In November last year, China enacted its first comprehensive data privacy law, placing tighter restrictions on what companies are allowed to do with user data and how they must do so. store that data.
However, that law regulates private companies’ access to the data, rather than government and police databases.
The scale of the data leak would make it one of the largest in history. In 2013, Yahoo announced that all three of its accounts had been hacked – arguably the largest breach in history, although the stolen personal information was less sensitive than the police’s leak. close to Shanghai, if true.