Hacker claims to have stolen a massive database from the Shanghai police. The leak would be among the largest in China's history if confirmed.
A Breach Forums user ChinaDan announced to have obtained 23 terabytes of data on one billion Chinese nationals and several billion case records from the Shanghai police.
Breach Forums is a marketplace that hackers and threat actors use to buy and sell data. The website is a successor to the now-defunct Raid Forums website.
ChinaDan claims that the leaked database contains records of one billion citizens' names, addresses, birthplace, national ID numbers, and mobile numbers. All crime cases and case details Shanghai police had are also said to be in the database.
Hackers selling the data claim that the dataset was stored on Alibaba's private cloud server.
The database is sold for 10 Bitcoins, or roughly $200,000. According to ChinaDan's post, the information in the database is recent since the leak happened sometime this year.
Big if true
According to Reuters, the leak sparked a wave of posts on China's largest social network Weibo. The hashtag' data leak' was blocked on the social network by Sunday afternoon.
According to Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China, the leak would stand among the largest if confirmed.
"It's hard to parse truth from rumor mill but can confirm file exists. If the source is indeed MPS, that would be bad for a number of reasons. Most obviously, it would be among the biggest and worst breaches in history," Schaefer posted on Twitter.
Schaefer also linked to a post by Zhao Changpeng, the CEO of Binance, where he said that the company's threat intelligence detected 1 billion resident records for sale on the dark web.
While Changpeng does not specify whether he's talking about the Shanghai police leak, the information his team found closely corresponds with what was announced on Breach Forums.
"It's unclear who's at fault — some of the internet comments state one of the developers posted an access key on his blog, which was then exploited by the hackers. In any case, heads will roll over this one," Schaefer wrote.
More from Cybernews:
Subscribe to our newsletter