What do we know about one of the biggest data thefts in history

More than 23 terabytes of data belonging to one billion Chinese citizens were allegedly stolen by a hacker from a Shanghai police database. If the violation is confirmed, it would be one of the most serious in history. There are currently no official statements from the authorities of the People's Republic. The cybercriminal only identified himself as ChinaDan.

The data was put up for sale on a public forum called Breach Forums at a price of ten Bitcoins, equivalent to around two hundred thousand dollars. “In 2022, the Shanghai National Police (SHGA) database was hacked. This database contains many terabytes of data and information on billions of Chinese citizens "reads the post, dated June 30.

The data exfiltrated includes, according to ChinaDan, names, addresses, telephone numbers, national identification codes and information on the criminal records of victims.

Source: https://www.bleepingcomputer.com/news/security/hacker-claims-to-have-stolen-data-on-1-billion -chinese-citizens /

Zhao Changpeng, the CEO of Binance, the cryptocurrency exchange platform, tweeted on July 3 reporting that the data of one million citizens of an Asian country was "for sale on the dark side. web ".

The incident has sparked concern on Chinese social media platforms. The hashtag relating to the leak has been blocked on Weibo (a social media microblogging similar to Twitter).

Twitter content This content can also be viewed on the site it originates from.

“When it comes to a data breach of this magnitude, it's nearly impossible to verify the veracity of every element,” commented Toby Lewis, global head of risk analysis at cybersecurity company Darktrace. “However , based on a sample of data, the first analyzes indicate that the breach is somehow credible. At the moment it is not yet clear whether the data comes from a single database, from connected or unrelated databases, which means that the number of affected citizens could be much less than the number of elements actually leaked. "

The selling price of the data, Lewis points out, is relatively low. This could be an indication that the hacker wants to sell to more buyers without exclusivity.

“This type of personal information is highly sought after by cybercriminals pursuing for-profit purposes,” explained Bill Conner, CEO IT security company SonicWall delegate to Infosecurity Magazine "Organizations should implement security best practices, such as a layered approach to protecting and proactively updating any outdated security devices."