Unknown Hacker Steals Data of a Billion Chinese Citizens

Breach Notification
Cyberwarfare / Nation-State Attacks

Data Has Been Put on Sale for 10 Bitcoin, Equivalent to About $200,000

Unknown Hacker Steals Data of a Billion Chinese Citizens
(Source: ISMG)

A misconfigured Aliyun or Alibaba private cloud server has led to the leak of around one billion Chinese nationals’ personal details. An unknown hacker, identified as “ChinaDan”, posted an advertisement on a hacker forum selling 23 terabytes of data for 10 bitcoin, equivalent to about $200,000.

See Also: Fireside Chat | Zero Tolerance: Controlling The Landscape Where You’ll Meet Your Adversaries

Touted to be one of the largest data breaches in history, the data was allegedly stolen from Shanghai National Police database, containing Chinese national’s personal details including names, home addresses, criminal records, ID and phones numbers.

“Our threat intelligence detected 1 billion resident records for sale in the dark web, including name, address, national id, mobile, police and medical records from one Asian country. Likely due to a bug in an Elastic Search deployment by a gov agency,” says a Tweet by Zhao Changpeng, founder and chief executive officer of cryptocurrency exchange Binance. “This has impact on hacker detection/prevention measures, mobile numbers used for account take overs, etc.”