In what may have been the largest data breach in Chinese history, a hacker claimed to have stolen the personal information of more than one billion Chinese citizens.
The information of "one billion Chinese national residents and several billion case records" was offered for sale in a post on the hacker forum Breach Forums for the extremely low price of 10 Bitcoin, or around $200,000.
Using the alias ChinaDan, the poster said that the data set contained "name, address, birthplace, national ID number, mobile number, and all crime/case records."
The post remains unverified, but it has drawn attention from within China and abroad. Many users on China’s Weibo and WeChat platforms expressed great concern and distress about the truth of the claim. Posters on Breach Forums analyzed a sample of the data and debated the authenticity, largely due to the asking price for such valuable information.
Forum administrators closed the thread Sunday night, with one offer of 6 Bitcoin on the table at the time.
Kendra Schaefer, a partner at consultancy firm Trivium China, said the breach would be "bad, for a number of reasons" if it were to be proven legit.
"Most obviously, this would be among the biggest and worst breaches in history," Schaefer wrote on social media. "Two, China’s Personal Information Protection Law just came out late last year. It requires gov bodies to protect the info of citizens, which if the source is indeed MPS, MPS has failed to do."
It's hard to parse truth from rumor mill, but can confirm file exists. If the source is indeed MPS, that would be, erm... bad, for a number of reasons. Most obviously, it would be among biggest and worst breaches in history. Alleged screenshots: 2/7 https://t.co/MpLQSiYzGS
— Kendra Schaefer 凯娜 (@kendraschaefer) July 4, 2022
Schaefer noted that the records "also allegedly contain details on case files of minors," making this a violation of the Minor Protection Law.
"Would be surprised if they don’t also contain files on celebs and minor officials," she continued.
The Shanghai police would have had access to a national data-sharing system, enabling access to more information than a regional police authority would have ordinarily had, which may be one reason why the breach contained so much information.