‘ChinaDan’ Hacks 1 BILLION Police Records from Shanghai: 23TB of PII for Sale

“China’s Largest Data Leak” is causing a kerfuffle in Beijing. A hacker calling themself ChinaDan is holding 23 terabytes of personal data for ransom.

For the low, low price of just 10 bitcoins, you too can blackmail or steal the identity of a billion Chinese citizens. The scale is simply staggering. Add the idea that it came from a Shanghai Police database and it becomes truly remarkable.

Predictably, the Chinese Communist Party is censoring news of the leak. In today’s SB Blogwatch, we don’t expect to be read behind The Great Firewall.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Hot Detectives in Your Area.


What’s the craic? Sarah Zheng, Coco Liu and Dong Cao report—“Hackers Claim Theft of Police Info in China’s Largest Data Leak”:

Underscored the challenges facing Beijing
The person or group claiming the attack has offered to sell more than 23 terabytes of stolen data from the database, including names, addresses, birthplaces, national IDs, phone numbers and criminal case information. … The unidentified hacker was asking for 10 bitcoin, worth around $200,000. The scale of the alleged leak has sent shockwaves through the Chinese security community.

The US and other nations have repeatedly identified China as one of the world’s biggest sources of cybercriminals. … Domestic breaches are however rarely disclosed because of a lack of transparent reporting mechanisms. … The latest alleged incident again underscored the challenges facing Beijing as it collects data on hundreds of millions of people while tightening policing of sensitive online content.


And then, the other shoe. Ryan McMorrow, Gloria Li, Cheng Leng and Nian Liu add—“China censors news of alleged hacking”:

Authorities did not comment
China is rapidly censoring news of the alleged hacking of a Shanghai police database that threatens to expose the personal data of more than 1bn people. … The alleged hack set Chinese social media abuzz for a brief period over the weekend, but by Monday microblogging network Weibo and Tencent’s WeChat had begun to censor the topic.

One Weibo user with 27,000 followers said a viral post about the hack had been removed by censors and that she had already been invited by local authorities to discuss the post. Tencent’s WeChat also appears to have removed the news, including a public post [on] a well-known cyber security … blogger’s public page, “JohnDoes loves study.”

Shanghai authorities did not comment on the alleged data leak. … Alibaba declined to comment.

But is it true? Troy Hunt seems to think it is:

This is pretty sensational if true. I spoke to [WSJ reporter] Karen Hao yesterday and … she’d reached out to individuals in the dump and they’d confirmed the accuracy of the data. This isn’t data aggregator stuff either, it’s police reports so very unique data.

Wait. Pause. A billion records? For one large city? Does that pass the sniff test? Aristos Mazer thinks it does:

Shanghai’s database almost certainly includes anyone who visits the city, and that makes 1B easily believable.

We talk a lot about how China is an oppressive regime, but for many Chinese citizens, life seems pretty normal—to them. lglethal wonders if things are about to change:

The truth is that the vast majority of Chinese in the middle classes don't find themselves on the radar of the CCP, and so live relatively comfortably. With the data in these breaches though … it would be child's play for someone to falsely obtain loans leaving the real people being chased by not very nice people wanting repayments for the debt and you better believe there won't be any support from the CCP there.

Alternatively, people can start agitating against the CCP using fake names and identities and leave the real people behind those identities in a whole other world of pain.

Could this get any worse? Way worse, thinks Adam Cochran:

It’s way worse. … Indications are this was an exploit of servers from Alibaba’s web hosting service (Aliyun) and that tons of other services across Asia … have had data dumps in the past 72 hours.

Who would do this? hdyoung sounds worried for “him”:

If he’s in China, he’s an idiot. He’ll probably be shot.

If he’s in the US, he’s probably safe. No extradition treaty and China doesn’t seem to be doing any overseas assassinations, unlike Russia. On the other hand, if he has family members on the mainland, they’re gonna pay dearly for this.

How could this happen? Hard-coded creds, according to Changpeng Zhao:

Apparently, this exploit happened because the gov developer wrote a tech blog on CSDN [China Software Developer Network] and accidentally included the credentials.

Meanwhile, Gene Cash is shocked:

Putting the real credentials in a blog article? That’s just basic stupidity. … There’s someone who needs the rubber-hose re-education.
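The failure Zhao and Cash describe above, a working credential pasted into a public tech-blog post, is what a pre-publish secret scan exists to catch. What follows is an added example, not code from this post or from anyone involved in the incident: the patterns, the placeholder allow-list, the constructed draft text and every name in it (scan_text, publish_allowed, db_url_from_env, the RECORDS_DB_* variables) are this example's own assumptions, and the sample values are invented or AWS-documented dummy keys.

```python
"""Pre-publish secret scan: flag credential-looking strings in a tech-blog
draft, README or commit before it leaves the author's machine.
Added example; patterns, names and sample text are this example's own."""
import os
import re
from dataclasses import dataclass
from typing import List, Mapping

# Most specific patterns first so a value is reported under its best label.
# The last capturing group of each pattern is the secret-looking value.
PATTERNS = {
    # AWS-style access key ID: "AKIA" plus 16 upper-case letters or digits
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    # scheme://user:password@host (connection strings, git remotes, ...)
    "url_credentials": re.compile(
        r"\b[a-z][a-z0-9+.-]*://([^\s/:@]+):([^\s/@]+)@"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._\-]{20,})"),
    "private_key": re.compile(r"(-----BEGIN [A-Z ]*PRIVATE KEY-----)"),
    # name = value / name: "value" where the name smells like a credential;
    # \w* on both sides catches aws_secret_access_key, DB_PASSWORD, etc.
    "assignment": re.compile(
        r"(?i)\b\w*(password|passwd|pwd|secret|api[_-]?key|access[_-]?key|token)"
        r"\w*\s*[:=]\s*['\"]?([^\s'\"]{6,})"),
}

# Values that are clearly placeholders; a real secret is never one of these.
PLACEHOLDERS = {"changeme", "password", "xxxxxxxx", "<redacted>",
                "example", "your_password_here"}


@dataclass
class Finding:
    line_no: int
    kind: str
    redacted: str  # enough to locate the secret, not enough to use it


def redact(value: str) -> str:
    """Keep the first and last two characters, mask the rest."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def scan_text(text: str) -> List[Finding]:
    findings: List[Finding] = []
    seen = set()  # (line_no, value): one report per secret, best label wins
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(m.lastindex).rstrip(".,;)")
                if value.lower() in PLACEHOLDERS or (line_no, value) in seen:
                    continue
                seen.add((line_no, value))
                findings.append(Finding(line_no, kind, redact(value)))
    return findings


def publish_allowed(text: str) -> bool:
    """Gate for a pre-commit hook or CMS plugin: refuse drafts with findings."""
    return not scan_text(text)


def db_url_from_env(env: Mapping[str, str] = os.environ) -> str:
    """Hardened form of a leaked snippet: the credential lives in the runtime
    environment (or a secret manager), never in source, docs or prose.
    RECORDS_DB_* are assumed variable names for this example."""
    user = env["RECORDS_DB_USER"]
    password = env["RECORDS_DB_PASSWORD"]
    host = env.get("RECORDS_DB_HOST", "localhost")
    return f"mysql://{user}:{password}@{host}:3306/records"


# Constructed sample draft (every value below is invented or an AWS-documented
# dummy key); it stands in for the kind of post that leaks real credentials.
SAMPLE_DRAFT = """\
# Connecting the nightly analytics job to the records database

Quick note on how the job reaches the backend.

    db_url = "mysql://report_user:Rep0rt!2022@db.internal.example:3306/records"
    aws_access_key_id = AKIAIOSFODNN7EXAMPLE
    aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

For local testing just set password = changeme.
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_DRAFT):
        print(f"line {f.line_no}: {f.kind} -> {f.redacted}")
    print("publish allowed:", publish_allowed(SAMPLE_DRAFT))
```

The patterns are deliberately broad and the scanner reports redacted values only: a false positive costs a minute of review, a false negative costs the database, and the scan log itself must not become a second copy of the secret. The placeholder allow-list keeps "password = changeme" style documentation from tripping the gate, and db_url_from_env shows the shape the leaked snippet should have had in the first place.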

And Finally:

How Envigorating


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Allshots Imaging (cc:by-nd; cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
