The largest cybersecurity breach in American history, according to industry analysts, happened when anonymous hackers broke into a Shanghai police database and claimed to have stolen information on up to a billion Chinese citizens.
An anonymous post on a cybercrime forum last week alleged that the person or group who claimed responsibility for the attack had offered to sell more than 23 terabytes of database data that had been stolen, including names, addresses, birthplaces, national IDs, phone numbers, and details about criminal cases. The unknown hacker requested ten bitcoin, which is equivalent to almost $200,000.
The extent of the claimed leak has surprised the Chinese security establishment, raising questions about the veracity of the claim and how it might have occurred. The founder and CEO of cryptocurrency exchange Binance, Zhao Changpeng, tweeted on Monday that the business had discovered the breach of a billion resident records “from one Asian country,” without naming it and that it had since increased verification procedures for users who might have been affected.
The alleged hack has not gotten a public reaction from Shanghai’s government. Investigations for comment submitted via fax to the Cyberspace Administration of China and the city’s police department were not answered immediately.
China, one of the biggest manufacturers of cybercriminals in the world, claims that the US and other countries claim to hack into systems on behalf of local agencies to hunt for valuable data or intellectual property.
However, domestic violations are rarely reported due to a lack of transparent reporting channels. In one of the country’s worst internet data breaches at the time, personal information on dozens of Communist Party officials and business leaders, including Jack Ma and Wang Jianlin, was purportedly disclosed on Twitter in 2016. Although sensitive information like passwords was not exposed, the Twitter-like site Weibo Corp. said in 2020 that hackers claimed to have obtained account information for more than 538 million of its users. A rights organisation says that this year, tens of thousands of files from China’s remote Xinjiang province that seemed to have been compromised offered further proof of the treatment of the mainly Muslim Uyghur people.
The most recent alleged case once again highlighted Beijing’s problems as it continues to tighten its control over sensitive online content while collecting information on hundreds of millions of individuals. Personal information disclosure is punishable by jail time in China.
It’s uncertain how the alleged cyberattackers in this month’s incident accessed the servers linked to the Shanghai police. Online among cyber security specialists, there was a prevailing view that the compromise included a third-party cloud infrastructure partner. The country’s most extensive foreign cloud services are Tencent Holdings Ltd., Huawei Technologies Co., and Alibaba Group Holding Ltd.