China censors the largest data hack in history

Image of article titled

photo: Noel Celis/AFP (Getty Images)

Chinese censors are working overtime to suppress news that data they have stolen from citizens over the years is apparently already there and being sold for less than the expected cost of a Tesla Roadster.

On Monday, reports emerged that a hacker known only as “ChinaDan” told members of the hacking site Breach Forums, He reportedly obtained 23 terabytes of data on 1 billion Chinese citizens Reuters. That’s the stat he’s willing to give up at the right price. How much is the personal data of a billion people worth? Apparently there are only 10 bitcoins, or about $200,000.

The post said the data came from a leaked version of the Shanghai National Police database. ChinaDan’s original post contained a sample of 250,000 citizen information, but that sample size was apparently increased to 750,000. Bilibili computer Included an image of a forum post that said “The database contains information on 1 billion Chinese national residents and billions of case records, including: name, address, place of birth, national ID number, mobile phone number, all crimes/cases details.”

The leak has drawn quite a bit of criticism, with claims it may be exaggerated, especially given that the total number of Shanghai police databases is only 400 million less than China’s total population of 1.4 billion.

The Chinese government has not formally mentioned the hacking incident to reporters publicly or online. Further reports show how much Beijing does not want its citizens to talk about the violations.This Financial Times reports that the government examiner Posts that even dared to mention the alleged leak have been deleted on Chinese social media.

The Financial Times wrote Weibo, essentially the Chinese version of Twitter, and WeChat is already censoring any mentions of tags containing “data breach” or “database breach.” Censors blocked existing posts and reportedly even asked at least one poster with a large following to come forward for questioning. The New York Times reported that Chinese state media had been silent on news of the hacking.

The hacker wrote that the data came from cloud computing company Alibaba CloudHey Said to be the host of the Shanghai police database.Binance CEO Changpeng Zhao wrote on twitter They found the records were being sold on the dark web, which “could be due to a bug in Elastic Search” [sic] Deployed by government agencies. Zhao further wrote that they are “enhancing verification” of their users whose information was included in the breach.

If true, this could be the largest personal data breach ever. 2022 is already proving to be a big year for data breaches multinational also government. This is also not the first time a bug in the Elasticsearch server has led to an information leak.Server configuration error for Texas-based data firm Ascension Data & Analytics Reportedly leaked Back in 2019 there were over 24 million financial and banking records.

Gizmodo was unable to determine the authenticity of the post or the data contained in the treasure, although New York Times Be able to confirm the authenticity of the original sample containing the personal information of 250,000 citizens. Reporters call individuals listed in the database who have apparently confirmed their identities and any past police reports they have apparently filed—It also includes whether individuals have been flagged as “key figures” by public security services to make it easier to flag their activities in the wider context of the country monitoring status.

This Wall Street Journal Some names and numbers included in a wider sample of 750,000 were also called, and five of them also confirmed that the data would be difficult to obtain if not collected by police. Some of the numbers that The Wall Street Journal tried are no longer valid, although reporters noted that Chinese citizens often change their numbers.

A man surnamed Wei told The Wall Street Journal after learning that his information had been leaked, “We’re all streaking,” meaning they don’t have privacy.



Source link