Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Data Breaches

Shanghai National Police database hacked – 1 billion Chinese citizens leaked

Paul Anderson by Paul Anderson
July 7, 2022
in Data Breaches
0
Shanghai China police database hack
27
SHARES
448
VIEWS
Share on FacebookShare on Twitter

A hacker going by the pseudonym “ChinaDan” has posted a thread on a popular hacking forum BreachForums, stating that they are selling Shanghai’s National police database (SHGA).

You might also like

US politicians personal details compromised in hack

Acer corporate confirms breach – data being sold for Monero

Blackmailing data thieves who targeted thousands of businesses apprehended

The hacker states that the database contains multiple terabytes of data containing roughly a billion Chinese citizen records.

The data was apparently siphoned from the host: http://oss-cn-shanghai-shga-d01-a.ops.ga.sh

The leaked data contains 1 billion Chinese national resident records and several billion case records, including:

  • Names
  • Addresses
  • Birthplace
  • National ID number
  • Mobile number
  • All crime & case details

Due to speculation about the sheer amount of data ChinaDan has access to, he shared a sample of 750,000 records. These records contained delivery info, ID information, and police phone call records. This sample allowed interested buyers to have some proof before making such a large purchase.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens,” the hacker stated in his post last week.

The hacker verified the info was exfiltrated from a local private cloud supplied by Aliyun (Alibaba Cloud), a component of the Chinese police network.

ChinaDan steals 1 billion chinese citizen data
ChinaDan posting his sales thread on BreachForums, source: ZeroSecurity

Binance CEO Zhao Changpeng has looked into this massive data breach and has confirmed it’s legitimate via his company’s threat intelligence experts. They stated the leak was possibly due to an ElasticSearch database that the Chinese government posted online by accident.

“Our threat intelligence detected 1 billion resident records for sale on the dark web, including name, address, national id, mobile, police, and medical records from one Asian country. Likely due to a bug in an Elastic Search deployment by a gov agency,” Zhao stated.

“This has an impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.”

Zhao tweeted later that “apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.”

Shanghai national police leak
A developer accidentally leaked credentials on a CSDN tech blog, source: @cz_binance on Twitter

Wall Street journalist Karen Hao contacted over a dozen individuals who had their info presumably compromised in the breach and claimed that a number of them verified all the info obtainable in the 750k sample.

“At this point, it’s impossible to confirm the scale of the data leak, but five of the people who picked up verified all of the case details listed with their name — information that would be difficult to obtain from any source other than the police,” Hao added.

“The other four confirmed basic information like their names before hanging up.”

If the leak is proven to be legitimate, this will go down in history as the largest data breach to have ever hit China, and will also go down as one of the largest data breaches in history.

Tags: chinaShanghai National Police
Share24Tweet7
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

Recommended For You

US politicians personal details compromised in hack

by Kyle
March 9, 2023
0
US politicians personal details compromised in hack

A hacker has claimed that personally identifiable information (PII) belonging to several members of the US Congress may have been compromised in a cyberattack on DC Health Link,...

Read more

Acer corporate confirms breach – data being sold for Monero

by Kyle
March 8, 2023
0
Acer corporate confirms breach – data being sold for Monero

Acer, the sixth-largest PC maker in the world, has confirmed that it suffered a data breach in mid-February 2023 that compromised its intellectual property and other sensitive data....

Read more

Blackmailing data thieves who targeted thousands of businesses apprehended

by Paul Anderson
February 26, 2023
0
Blackmailing data thieves arrested by Dutch police

The Dutch police recently apprehended three additional suspects in what is considered one of the most significant data extortion cases to date. These suspects, aged between 18 and...

Read more

State sponsored hackers were in News Corp’s servers for two years

by Christi Rogalski
February 24, 2023
0
News Corp Hacked

News Corporation (News Corp), a media and publishing powerhouse, has reported that the attackers responsible for the data breach they disclosed in 2022 had accessed their systems two...

Read more

Healthcare Provider Kaiser Permanente Suffers Data Breach Impacting 70k Patients

by Paul Anderson
June 18, 2022
0
Kaiser Permanente suffers data breach

Founded in July 1945, Kaiser Permanente is an integrated managed care consortium with its headquarters located in Oakland, California. Kaiser is arguably the largest non-profit health care and...

Read more
Next Post
Citrix CWE-284 CVE-2022-27511 exploit

Citrix exploit CWE-284 allows hackers to reset admin password

Related News

BreachForums Owner Arrested and Charged

BreachForums Owner Arrested and Charged

March 17, 2023
ChipMixer platform tied to crypto laundering scheme – seized by authorities

ChipMixer platform tied to crypto laundering scheme – seized by authorities

March 17, 2023
NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.