23 Terabytes Of Chinese Citizen’s Personal Data Available For Just 10 Bitcoins
A computer hacker going by the name of ChinaDan has managed to steal the personal data of around a billion Chinese citizens and has put it up for sale on the dark web for the price of 10 bitcoins.
The data came from a database belonging to the Shanghai National Police, and it contains information on around 1 billion citizens, including names, address, mobile numbers etc., as well as the details of phone calls made to the police.
This is a severe breach of citizen’s data and will leave them open to potential malicious data crimes going forward. In addition, the stolen data could be of great use to intelligence agencies in competing countries.
Database Was Left Open For At Least A Year
It wasreported in an article on CNN that the exploit, in the form of an unsecured backdoor link, has been left open for at least a year. This access was finally closed after an anonymous user recently advertised the 23 terabytes of user data for the price of 10 bitcoins on a hacker forum.
According to Microsoft regional director Troy Hunt, who was quoted in the CNN article, this is potentially the biggest data breach of public information in the world so far, and he believes that it involves around 70% of the 1.4 billion Chinese population. Hunt said:
"It's a little bit of a case where the genie is not going to be able to go back in the bottle. Once the data is out there in the form it appears to be now, there's no going back,"
Among the data is very sensitive information contained in police records dating back as far as 2001. The cases are wide-ranging, and include a Shanghai citizen using a VPN to access Twitter and retweet “reactionary remarks involving the Party, politics, and leaders.”
Another case concerned a woman who had accused her father-in-law of raping her 3-year-old daughter.
It can only be imagined the kind of future exploitation that can be made of such data. Extortion is just one worrying example.