fbpx
Cyber-wellness Means Cyber-awareRead more Addressing maternal mental healthcare in AfricaRead more Qatar v. Ecuador to kick off FIFA World Cup 2022™ on 20 NovemberRead more Webb Fontaine Announces Launch of Niger National Single Window (NNSW) to Bolster TradeRead more Ethiopia: Loan from United Nations Fund Allows Food and Agriculture Organization (FAO) to Scale Up Fertilizers for Farmers in TigrayRead more How Choosing the Right Printer Helps Small Businesses and Content Creators to Save Time, Maximise Productivity and Achieve GrowthRead more The United States Contributes USD $223 Million to Help World Food Programme (WFP) Save Lives and Stave Off Severe Hunger in South SudanRead more Eritrea: World Breastfeeding WeekRead more Eritrean community festival in Scandinavian countriesRead more IOM: Uptick in Migrants Heading Home as World Rebounds from COVID-19Read more

Hacker claims major Chinese citizens’ data theft

show caption
The data stolen in the hack includes names, mobile phone numbers, national ID numbers, addresses, birthdays and police reports./AFP
Print Friendly and PDF

Jul 06, 2022 - 08:03 AM

BEIJING, CHINA — A hacker claiming to have stolen personal data from hundreds of millions of Chinese citizens is now selling the information online.

A sample of 750,000 entries posted online by the hacker showed citizens’ names, mobile phone numbers, national ID numbers, addresses, birthdays and police reports they had filed.

AFP and cybersecurity experts have verified some of the citizen data in the sample as authentic, but the scope of the entire database is hard to determine.

Advertised on a forum late last month but only picked up by cybersecurity experts this week, the 23-terabyte database — which the hacker claims contains the records of a billion Chinese citizens — is being sold for 10 bitcoin (approximately $200,000).

“It looks like it’s from multiple sources. Some are facial recognition systems, others appear to be census data,” said Robert Potter, co-founder of cybersecurity firm Internet 2.0.

“There is no verification of the total number of records and I’m sceptical of the one billion citizens number,” he added.

China maintains an extensive nationwide surveillance infrastructure that siphons massive amounts of data from its citizens, ostensibly for security purposes.

Growing public awareness of data privacy has led to stronger data protection laws targeting individuals and private firms in recent years, although there is little citizens can do to stop the state from collecting their data.

Some of the leaked data appeared to be from express delivery user records, while other entries contained summaries of incidents reported to police in Shanghai over a span of more than a decade, with the most recent from 2019.

The incident reports ranged from traffic accidents and petty theft to rape and domestic violence.

‘Heads will roll’ 

At least four people out of over a dozen contacted by AFP confirmed their personal details, such as names and addresses, as listed in the database.

“So that’s why so many people have been adding my WeChat over the past few days. Should I report this to the police?” said one woman surnamed Hao.

“I’m really confused about why my personal data has been leaked,” said another woman surnamed Liu.

In replies to the original post, users speculated that the data may have been hacked from an Alibaba Cloud server where it was apparently being stored by the Shanghai police.

Potter, the cybersecurity analyst, confirmed that the files were hacked from Alibaba Cloud, which did not respond to an AFP request for comment.

If confirmed, the breach would be one of the largest in history and a major violation of the recently approved Chinese data protection laws.

“Heads will roll over this one,” tweeted Kendra Schaefer, tech partner at research consultancy Trivium China.

China’s cybersecurity administration did not respond to a fax requesting comment.

  • bio
  • twitter
  • facebook
  • latest posts

ZONNTECH.COM uses both Facebook and Disqus comment systems to make it easier for you to contribute. We encourage all readers to share their views on our articles and blog posts. All comments should be relevant to the topic. By posting, you agree to our Privacy Policy. We are committed to maintaining a lively but civil forum for discussion, so we ask you to avoid personal attacks, name-calling, foul language or other inappropriate behavior. Please keep your comments relevant and respectful. By leaving the ‘Post to Facebook’ box selected – when using Facebook comment system – your comment will be published to your Facebook profile in addition to the space below. If you encounter a comment that is abusive, click the “X” in the upper right corner of the Facebook comment box to report spam or abuse. You can also email us.