China records biggest ever database leak in history, 1 billion personal data breached

Anonymous user advertises to sell more than 23 terabytes of data for 10 bitcoin on hacker forum

Read more...
File photo

By ANI

Published: Wed 6 Jul 2022, 9:12 PM

China recorded the biggest ever database leak in history with nearly one billion personal data being online for more than a year.

The leak could be one of the biggest ever recorded in history, cybersecurity experts say, highlighting the risks of collecting and storing vast amounts of sensitive personal data online, reported CNN.

"As it stands today, I believe this would be the largest leak of public information yet -- certainly in terms of the breadth of the impact in China, we're talking about most of the population here," said Troy Hunt, a Microsoft regional director based in Australia.

Advertising
Advertising

The online database contained the personal information of up to one billion Chinese citizens and was noticed after an anonymous user in a hacker forum offered to sell the data last week.

The anonymous user advertised to sell more than 23 terabytes (TB) of data for sale for 10 bitcoin -- roughly $200,000 -- in a post on a hacker forum last Thursday.

The user claimed the database was collated by the Shanghai police and contained sensitive information on one billion Chinese nationals, including their names, addresses, mobile numbers, national ID numbers, ages and birthplaces, as well as billions of records of phone calls made to police to report on civil disputes and crimes, reported CNN.

The vast trove of Chinese personal data had been publicly accessible via what appeared to be an unsecured backdoor link - a shortcut web address that offers unrestricted access to anyone with knowledge of it -- since at least April 2021, according to LeakIX, a site that detects and indexes exposed databases online.

A sample of 750,000 data entries from the three main indexes of the database was included in the seller's post.

Meanwhile, the Shanghai government and police department did not respond to CNN's repeated written requests for comment.

The seller also claimed the unsecured database had been hosted by Alibaba Cloud, a subsidiary of Chinese e-commerce giant Alibaba.

Alibaba said "we are looking into this" and would communicate any updates. On Wednesday, Alibaba said it declined to comment to CNN.

China is home to 1.4 billion people, which means the data breach could potentially affect more than 70 per cent of the population.

It is unclear how many people have accessed or downloaded the database during the 14 months or more it was left publicly available online.

Unsecured personal data - exposed through leaks, breaches, or some form of incompetence - is an increasingly common problem faced by companies and governments around the world, and cybersecurity experts say it is not unusual to find databases that are left open to public access.

The latest data leak is particularly worrying, cybersecurity researchers say, not only because of its potentially unprecedented volume, but also the sensitive nature of the information contained.

The Chinese government recently stepped up efforts to improve protection of online user data privacy. Last year, the country passed its first Personal Information Protection Law, laying out ground rules on how personal data should be collected, used and stored.

ANI

Published: Wed 6 Jul 2022, 9:12 PM

Recommended for you