China censors information about alleged Shanghai police database hack
China is swiftly censoring information about an alleged Shanghai police database hack that threatens to expose the personal data of more than a billion people, in what could be one of the biggest leaks private information ever recorded.
An anonymous hacker announced the data to an online cybercrime forum late last month, saying the full file for sale contained terabytes of details, including names, addresses, IDs, phone numbers and criminal records. of over a billion Chinese.
The alleged hack sent Chinese social media into a frenzy for a brief period over the weekend, but by Monday Tencent’s Weibo and WeChat microblogging network had begun censoring the topic.
Hashtags such as “data leak”, “Shanghai national security database breach” and “1 billion leaked citizen records”, which had garnered millions of views and comments, were blocked on Weibo, similar to Twitter.
A Weibo user with 27,000 followers said a viral post about the hack was deleted by censors and she had already been invited by local authorities to discuss the post.
Tencent’s WeChat also appears to have deleted the news, including a public post from a well-known cybersecurity blogger. The message, which was posted on the blogger’s public page “JohnDoes loves study”, detailed the implications of the massive data breach. It was no longer accessible on Tuesday.
Chinese search engine Baidu showed few results on the topic, with links it provided to discussions about the Zhihu hack inaccessible on Tuesday.
The hacker, writing as ChinaDan, uploaded a description and sample of the data transport to the online forum and named a purchase price: 10 bitcoins, or about $200,000.
While the United States frequently accuses Chinese hackers of stealing information about American citizens and probing their networks, Beijing has long denied these allegations and claimed instead that it was the country that faced the most cyber attacks. intrusions.
Usually, these leaks remain hidden from the public, as companies and governments across the country prefer to say little about data loss.
Shanghai authorities did not comment on the alleged data leak. The Shanghai government did not respond to a request for comment, and the Cyberspace Administration of China (CAC), which controls the country’s internet and is responsible for data security, did not respond to questions sent by fax.
The hacker said the stolen information was retrieved from a private cloud service provided by internet company Alibaba. Alibaba declined to comment.
The veracity of the data remains unclear. Some users writing on the cybercrime forum said the sample data included details of parcel collection, suggesting it could be information about the delivery company rather than a police database. . But the Wall Street Journal reported that at least some of the information provided was real.
Changpeng Zhao, managing director of crypto exchange Binance, wrote on Twitter that the company detected the hack and speculated that a government developer had inadvertently released credentials to access the database. data on an online forum.
In the past, the Internet in China was full of citizens’ personal data for sale. But CAC has largely cleaned that up in recent years, rolling out some of the toughest data security laws in the world.
Additional reporting by Cheng Leng in Hong Kong and Nian Liu in Beijing