An unidentified hacker on a forum is selling 23TB+ of allegedly stolen data on up to 1B Chinese residents for 10 BTC, after breaching a Shanghai police database
Good morning, and welcome to Tuesday's Asia Links Sead Fadilpašić / TechRadar : Mystery hacker claims to have conducted one of the largest data heists in history Adam Robertson / crypto.news : Hacker Offers to Sell 23 Terabytes of Stolen Data Belonging to Chinese Citizens for 10 Bitcoin Waqas / HackRead : Hacker Selling Shanghai Police Database with Billions of Chinese Citizens Data John P. Njui / Ethereum World News : Binance Steps Up Verifications for Users Potentially Affected by Data Breach Targeting 1B Chinese Citizens Oluwapelumi Adejumo / CryptoSlate : Hacker wants 10 Bitcoin in exchange for Chinese citizens' stolen data Vishal Chawla / The Block : Hacker asks for 10 bitcoin for allegedly stolen data of a billion Chinese citizens Matthew Humphries / PCMag : A Hacker Is Selling the Personal Details of 1 Billion Chinese Citizens Vilius Petkauskas / Cybernews.com : Data on 1 billion Chinese citizens may have leaked from the Shanghai police Jack Denton / Barron's Online : Binance Chief Says Massive Hack Detected in Asia. There May Be Trouble in China. Nidhish Shanker / CoinGape : Binance Says Some Users Potentially Hit By China's Biggest Data Breach Another Day in Crypto : Another Day in Crypto #19 — Hello everyone. — Hope you're doing well!!! Security in WEB3 Newsletter : Security in WEB3 - Issue 5 : 04-July-2022 Tweets: @cz_binance : Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on ... Zeyi Yang / @zeyiyang : Gigantic civilian data leak if confirmed: A hacker is selling an alleged Shanghai police data leak containing 1 billion Chinese nationals' names, home addresses, ID #, phone #, criminal records, etc. Hacker says it's from an Aliyun (Alibaba) private cloud server. https://twitter.com/... Karen Hao / @_karenhao : A hacker is selling an alleged 1 billion Chinese citizens' information stolen from Shanghai police. @rachelliang5602 & I downloaded the sample the hacker provided and called dozens of people listed. Nine picked up & confirmed exactly what the data said. https://www.wsj.com/... @cz_binance : Apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials. 1 billion records of private citizens' data. 😭 https://twitter.com/... https://twitter.com/... John Koetsier / @johnkoetsier : Western intelligence agencies will be ALL OVER THIS “the databases contain Chinese national residents' names, addresses, national ID numbers, contact info numbers, and several billion criminal records” https://www.bleepingcomputer.com/ ... Troy Hunt / @troyhunt : This is pretty sensational if true. I spoke to @_KarenHao yesterday and per her thread below, she'd reached out to individuals in the dump and they'd confirmed the accuracy of the data. This isn't data aggregator stuff either, it's police reports so very unique data. https://twitter.com/... https://twitter.com/... Dare Obasanjo / @carnage4life : Personal data for a billion Chinese users leaked because a developer included the server info and API access tokens in the code snippets of a blog post is bonkers. This is why many tech orgs have a review process for technical blog posts. The overhead is extremely worth it. https://twitter.com/... Troy Hunt / @troyhunt : If this is accurate, wow, I mean... just wow 😮 https://twitter.com/... CTO Larsson / @ctolarsson : And EU thinks their upcoming database mapping wallet addresses to name & street address isn't going to leak to criminals? https://twitter.com/... David Paulk / @davidpaulk : A hacker claims to have obtained a trove of personal information from the Shanghai police on 1 billion Chinese citizens, and has offered to sell the 23 terabytes of data — including names, addresses, national ID numbers and phone numbers — for 10 bitcoin. https://www.reuters.com/... Rui Ma / @ruima : A big wake up call for China. Sad for the victims. https://twitter.com/... William Yang / @williamyang120 : A vast trove of data on Chinese citizens allegedly siphoned from a police database, some of which checks out as legitimate, is being offered for sale by an anonymous hacker or hacking group. https://www.wsj.com/... Jonas Simanavicius / @jsimanavicius : 1/ Possibly the most significant #databreach in history has occurred with over 1 Billion residents' information exposed. This likely happened due to an improper setup of a popular tool made by @elastic. The database was left vulnerable online for any malicious user to exploit. https://twitter.com/... Daniel Sinclair / @_danielsinclair : A surveillance state is just a helpful dataset for your adversaries to inevitably obtain. They probably all had access already, but all of the intelligence agencies are combing through this to find new espionage targets. https://twitter.com/... @cz_binance : hacker detection/prevention measures, mobile numbers used for account take overs, etc. It is important for all platforms to enhance their security measures in this area. @Binance has already stepped up verifications for users potentially affected. Stay #SAFU. 🙏 Isaac Stone Fish / @isaacstonefish : A hacker is selling billions of records of Chinese data stolen from police in Shanghai, at least some of which is legitimate. If confirmed, it would mark one of history's largest leaks of personal data. https://www.wsj.com/... @pcaversaccio : 10 BTC for personal records belonging to more than 1 billion Chinese citizens. Seems unreal... https://breached.to/... https://twitter.com/... https://twitter.com/... @anitaposch : This is what will happen with collected data from police and government. It'll be stolen. The more we're surveilled for the sake of fighting terrorism and money laundering, the more data will be stolen or sold, which will be used to attack us. #privacy https://www.bloomberg.com/... Kendra Schaefer / @kendraschaefer : If you're not following this, you should be: word on the social media street is that China's police force (MPS - Shanghai) database was hacked, with the personal information and case records of 1 billion citizens, and the records are for sale on Telegram - 23TB of data. 1/7 https://twitter.com/... @_karenhao : At this point, it's impossible to confirm the scale of the data leak, but five of the people who picked up verified all of the case details listed with their name — information that would would be difficult to obtain from any source other than the police. @_karenhao : The other four confirmed basic information like their names before hanging up. One man, upon hearing why we had his information, sighed in resignation: “We are all running naked,” he said, using popular Chinese slang for a lack of privacy. @_karenhao : The sample contains individuals' personal names, national ID numbers, phone numbers, birthdays and birthplaces, as well as detailed summaries of crimes and incidents they had reported to the police. Zheping Huang / @pingroma : Shanghai police database with one billion PRC residents info got hacked in the biggest cybersecurity breach in China's history. https://www.bloomberg.com/... by @_szheng https://twitter.com/... Sam Shead / @sam_l_shead : Hacker(s) wants 10 bitcoins for over 23 terabytes of data that has been stolen on around 1 billion Chinese citizens https://www.bloomberg.com/... Zeyi Yang / @zeyiyang : CZ, founder and CEO of Binance, talked about the leak here: https://twitter.com/... I wonder if Binance bought or would buy the leaked data. https://twitter.com/... Wu Blockchain / @wublockchain : CZ: detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records (may China), likely due to a bug in an Elastic Search deployment by gov. Binance has stepped up verifications for users potentially affected. https://twitter.com/...