Hacker claims to have stolen data on one billion Chinese citizens

An anonymous internet user, identified as 'ChinaDan', posted on the hacker forum Breach Forums last week offering to sell more than 23 terabytes of stolen data from the Shanghai police database, including names, addresses, birthplaces, national IDs, phone numbers and criminal case information regarding one billion Chinese residents. 

In an anonymous post, the hacker asked for 10 bitcoin, worth around $200,000 (£168,000) for the complete file. 

"In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen," the post said.

The Shanghai government and police department did not respond to requests for comment on Monday, and news outlets have been unable to check the veracity of the post, or contact the self-proclaimed hacker, ChinaDan. However, The Associated Press news agency did obtain an unverified sample set of data that listed the personal information of minors. 

The post raised many concerns within the Chinese population, as it was widely discussed on China's Weibo and WeChat social media platforms, leading to the blocking of the hashtag #dataleak on Sunday afternoon.

"It would be among the biggest and worst breaches in history," said Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China, stating that, if the material the hacker claimed to have come from the Ministry of Public Security, it would be bad for "a number of reasons". 

As a response to the possible leak, companies such as Binance have stepped up user-verification processes, after the exchange's threat intelligence detected the sale of records belonging to one billion residents of an Asian country on the dark web.

Zhao Changpeng, CEO of Binance, said on Twitter that a leak could have happened due to "a bug in an Elastic Search deployment by a [government] agency", without saying if he was referring to the Shanghai police case.

The claim of a hack comes as the US and other nations have repeatedly identified China as one of the world’s biggest sources of cybercriminals. In response, the country has vowed to improve the protection of online user data privacy, instructing its tech giants to ensure safer storage of information.