Hacker Sells Data of One Billion Chinese Citizens on Dark Web

A hacker under the nickname ChinaDan put up for sale data on a one billion Chinese citizens – these are several databases that contain more than 22 TB of information. The attacker valued this dump at 10 bitcoins (about $195,000).

ChinaDan claims the data was stolen from the Shanghai National Police (SHGA) and the database contains names, addresses, national ID numbers, contact numbers and information on several billion criminal convictions.

Let me remind you that we also wrote that Chinese authorities use AI to analyze emotions of Uyghur prisoners, and also that China has officially legalized the “Social Credit System”.

To prove his words, the hacker has already published a sample of data containing 750,000 records in the public domain. In addition to the information listed above, the sample even contains data on the transport of detainees and instructions for drivers.

According to the attacker, the data was stolen from Aliyun’s local private cloud (Alibaba Cloud), which is part of the Chinese police network.

The Wall Street Journal journalists decided to make sure that the data in the dump was indeed genuine and for this they tried to contact people whose information can be found in this database.

Even the head of the Binance cryptocurrency exchange, Changpeng Zhao, drew attention to this colossal leak. He said on Twitter that his company’s experts believe that the ElasticSearch database, which the Chinese government accidentally left unprotected, was the cause of the leak.

He later added that the attack was due to the fact that a government developer wrote a technical blog post on CSDN and accidentally forgot to hide the credentials in the post.