Shanghai, China, Jul 6 (EFE).- A hacker named ChinaDan claimed to have obtained personal information from 1 billion Chinese citizens after an alleged leak of a Shanghai Police database.
In a message posted on popular hacking forum Breached Forums, the user claimed to also be in possession of “several billion case files” from police, with data including name, address, place of birth, national ID number, identity, telephone number and “full details” of the crimes described.
ChinaDan said he offers to sell all this data in exchange for 10 bitcoins, the equivalent of about $ 200,000.
The original message was posted on Jun. 30, the same day the user signed up, and generated up to 17 pages of comments before forum moderators closed the thread.
The hacker did not say how he obtained the alleged data package, of more than 23 terabytes – a unit equivalent to 1,000 gigabytes – but he posted a downloadable sample with some 750,000 files.
In an article about the leak, the American newspaper The New York Times claimed to have “confirmed parts” of the data included in that sample.
“It is difficult to distinguish truth from rumors, but I can confirm that the file exists. If the source is the Public Security Ministry (the main police and intelligence body in the country) it would be bad for several reasons,” Kendra Schaefer, a data and technology analyst at consultancy Trivium China, said on Twitter. “The most obvious is that it would be among the biggest (security) flaws in history.”
In her opinion, given that the recently approved personal data protection law obliges government institutions to protect citizens’ information, the ministry would have failed in its duty to confirm that the alleged data came from it.
Schaefer said that for now “it is not clear who is to blame,” since the leak could have occurred through a platform in the cloud of one of the great Chinese technology companies.
The government has moved to censor online results on the topic in the country’s main search engine Baidu, with messages appearing that claim there’s no information about the alleged breach. EFE