BEIJING: A hacker claiming to have stolen private data from lots of of thousands and thousands of Chinese residents is now promoting the knowledge on-line.
A pattern of 750,000 entries posted on-line by the hacker confirmed residents’ names, cell phone numbers, nationwide ID numbers, addresses, birthdays and police reviews that they had filed.
AFP and cybersecurity consultants have verified a number of the citizen data within the pattern as genuine, however the scope of all the database is difficult to find out.
Advertised on a discussion board late final month however solely picked up by cybersecurity consultants this week, the 23-terabyte database – which the hacker claims accommodates the information of a billion Chinese residents – is being offered for 10 bitcoin (roughly US$200,000).
“It looks like it’s from multiple sources. Some are facial recognition systems, others appear to be census data,” stated Robert Potter, co-founder of cybersecurity agency Internet 2.0.
“There is no verification of the total number of records and I’m sceptical of the one billion citizens number,” he added.
China maintains an intensive nationwide surveillance infrastructure that siphons huge quantities of data from its residents, ostensibly for safety functions.
Growing public consciousness of data privateness has led to stronger data safety legal guidelines concentrating on people and personal corporations lately, though there’s little residents can do to cease the state from amassing their data.
Some of the leaked data gave the impression to be from specific supply consumer information, whereas different entries contained summaries of incidents reported to police in Shanghai over a span of greater than a decade, with the newest from 2019.
The incident reviews ranged from site visitors accidents and petty theft to rape and home violence.
‘Heads will roll’
At least 4 folks out of over a dozen contacted by AFP confirmed their private particulars, comparable to names and addresses, as listed within the database.
“So that’s why so many people have been adding my WeChat over the past few days. Should I report this to the police?” stated one lady surnamed Hao.
“I’m really confused about why my personal data has been leaked,” stated one other lady surnamed Liu.
In replies to the unique publish, customers speculated that the data might have been hacked from an Alibaba Cloud server the place it was apparently being saved by the Shanghai police.
Potter, the cybersecurity analyst, confirmed that the recordsdata have been hacked from Alibaba Cloud, which didn’t reply to an AFP request for remark.
If confirmed, the breach could be one of many largest in historical past and a major violation of the just lately accepted Chinese data safety legal guidelines.
“Heads will roll over this one,” tweeted Kendra Schaefer, tech associate at analysis consultancy Trivium China.
China’s cybersecurity administration didn’t reply to a fax requesting remark. – AFP