On June 30, 2022 a post was made on a dark web site called Breachforums by user ChinaDan. This post included seven hundred fifty thousand files of personal data on Chinese citizens. However this was only to prove that he had the rest. ChinaDan claimed to have over one billion Chinese nationals' files and personal information. This included their names, addresses, birthplaces, National ID number (social security equivalent), phone number, and all crime and case details relating to that person. Around 23 terabytes of personal information. The seven hundred fifty thousand files were just a sampler. He was selling it to any person for ten Bitcoins or the equivalent of 317,000 USD.
This information was obtained from the Shanghai GOV National Police Database and is the largest data breach of personal information in recorded history. Over one billion people's information was released, which is about an eighth of the population of the planet. China is notorious for collecting and monitoring almost their entire population for things like social credit score systems and to limit internet and speech online, so their databases on their own citizens are some of the biggest and most detailed in the world.
How this happened was a Chinese tech developer was writing an article about security systems and the police's security systems and for whatever reason put some of their credentials in the article. This was enough to break into this database and steal the information. This goes to show how least privilege could destroy or break security. Especially a tech writer who does not know what is sensitive or not.
Why this is bad. This is very unfortunate for Chinese citizens for a number of reasons. Several scams could be formed from this. Phishing scams would probably be the most prevalent. People pretending to be cops or law enforcement calling people telling them they need to pay their speeding tickets or fines, which were given to hackers. Knowing address's and ID numbers would also lead to mass identity theft.
According to Bitdefender.com Binance's CEO confirmed the leak being a Chinese resident himself. There is very little any individual Chinese citizens could do in this case to protect their data. Even companies one normally could trust have data leaks that could expose people's information, but never has one on this scale been seen before. Since then Chinese official have updated security and limited the number of people who can view this sensitive information.
Front Page