Hackers say they’ve breached the data of one billion Chinese citizens from a Shanghai police database and offered it for sale, a leak that, if confirmed, would be one of the largest exposures of personal information in history, the Washington Post reports. In a post on an underground hacker forum, an anonymous poster advertised the availability of the data and released a sample, which purportedly contained 750,000 records. The asking price for the complete, 23-terabyte database was 10 bitcoin, or around $200,000. The post has since been locked by the site. The data included names, national identification and phone numbers, medical records, details from police reports and other information. While the authenticity of the full database had not been confirmed, a review of some ID numbers appeared to track with information on a government website.
The breach came after China’s Personal Information Protection Law took effect last year, imposing stringent security safeguards on corporate and government entities that handle personal information. The law was passed after Chinese regulators ordered more than 40 companies to change their operations for violating data transfer rules, Reuters reported. Kendra Schaefer of China-focused research team Trivium China said in a Twitter post that the incident was the first major public breach by a government body under the new law. “So it’s unclear who holds who accountable,” she said. I's possible the files had been online before the law became effective . It got public attention only after the alleged hacker released it online. A cybersecurity researcher said he was made aware of the database in January on a public site that opened in April 2021, meaning anyone could have accessed the database since then. There's speculation that government staff accidentally shared the necessary credentials to access the database on the Chinese Software Developer Network, a forum for developers to share code. The unnamed poster claimed that the database was hosted by AliCloud, a subsidiary of Chinese e-commerce giant Alibaba Group.