Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Data Breaches

Shanghai National Police database hacked – 1 billion Chinese citizens leaked

Paul Anderson by Paul Anderson
July 7, 2022
in Data Breaches
0
Shanghai China police database hack
27
SHARES
401
VIEWS
Share on FacebookShare on Twitter

A hacker going by the pseudonym “ChinaDan” has posted a thread on a popular hacking forum BreachForums, stating that they are selling Shanghai’s National police database (SHGA).

You might also like

Healthcare Provider Kaiser Permanente Suffers Data Breach Impacting 70k Patients

Amazon hacked – hacker leaks 80,000 login credentials

Muslim Match hacked – private messages leaked

The hacker states that the database contains multiple terabytes of data containing roughly a billion Chinese citizen records.

The data was apparently siphoned from the host: http://oss-cn-shanghai-shga-d01-a.ops.ga.sh

The leaked data contains 1 billion Chinese national resident records and several billion case records, including:

  • Names
  • Addresses
  • Birthplace
  • National ID number
  • Mobile number
  • All crime & case details

Due to speculation about the sheer amount of data ChinaDan has access to, he shared a sample of 750,000 records. These records contained delivery info, ID information, and police phone call records. This sample allowed interested buyers to have some proof before making such a large purchase.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens,” the hacker stated in his post last week.

The hacker verified the info was exfiltrated from a local private cloud supplied by Aliyun (Alibaba Cloud), a component of the Chinese police network.

ChinaDan steals 1 billion chinese citizen data
ChinaDan posting his sales thread on BreachForums, source: ZeroSecurity

Binance CEO Zhao Changpeng has looked into this massive data breach and has confirmed it’s legitimate via his company’s threat intelligence experts. They stated the leak was possibly due to an ElasticSearch database that the Chinese government posted online by accident.

“Our threat intelligence detected 1 billion resident records for sale on the dark web, including name, address, national id, mobile, police, and medical records from one Asian country. Likely due to a bug in an Elastic Search deployment by a gov agency,” Zhao stated.

“This has an impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.”

Zhao tweeted later that “apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.”

A developer accidentally leaked credentials on a CSDN tech blog, source: @cz_binance on Twitter

Wall Street journalist Karen Hao contacted over a dozen individuals who had their info presumably compromised in the breach and claimed that a number of them verified all the info obtainable in the 750k sample.

“At this point, it’s impossible to confirm the scale of the data leak, but five of the people who picked up verified all of the case details listed with their name — information that would be difficult to obtain from any source other than the police,” Hao added.

“The other four confirmed basic information like their names before hanging up.”

If the leak is proven to be legitimate, this will go down in history as the largest data breach to have ever hit China, and will also go down as one of the largest data breaches in history.

Tags: chinaShanghai National Police
Share23Tweet6
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

Recommended For You

Healthcare Provider Kaiser Permanente Suffers Data Breach Impacting 70k Patients

by Paul Anderson
June 18, 2022
0
Kaiser Permanente suffers data breach

Founded in July 1945, Kaiser Permanente is an integrated managed care consortium with its headquarters located in Oakland, California. Kaiser is arguably the largest non-profit health care and...

Read more

Amazon hacked – hacker leaks 80,000 login credentials

by Paul Anderson
July 10, 2016
0
Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of the digital market leader Amazon and leaking login credentials of 80,000 customers. The...

Read more

Muslim Match hacked – private messages leaked

by Paul Anderson
July 2, 2016
0
Muslim match hacked

Niche dating website “Muslim Match” has been hacked. Nearly 150,000 user credentials and information have been leaked online, along with more than half a million private messages between...

Read more

Top Massachusetts hospital suffers a data breach

by Paul Anderson
July 1, 2016
0
Top Massachusetts hospital suffers a data breach

One of the United State's leading hospitals, Massachusetts General (MGH), has fallen victim to a data breach. All data relating to its dental patients has been stolen. The...

Read more

Suspected terrorist database leaked

by Paul Anderson
June 30, 2016
0
Suspected terrorist database leaked

A database of high-risk people and companies, many of which are believed to be to be involved in financial crime, corruption, and terrorism, has been leaked. The so...

Read more
Next Post
Citrix CWE-284 CVE-2022-27511 exploit

Citrix exploit CWE-284 allows hackers to reset admin password

Related News

BlueSky Ransomware backdoors KMSAuto activator

BlueSky Ransomware Infects KMSAuto Activator users

July 20, 2022 - Updated on July 22, 2022
BlackCat Ransomware aka “ALPHV” infections on the rise

BlackCat Ransomware aka “ALPHV” infections on the rise

June 16, 2022 - Updated on July 20, 2022
GIFs in messaging apps are tracking you

GIFs in messaging apps are tracking you

July 19, 2022
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.