China issues security warning after sale of stolen data

Advertisement

In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police

Chinese President Xi Jinping has urged public bodies to “defend information security” after a hacker offered to sell stolen data of one billion Chinese citizens.

In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police, the BBC reported.

The hacker claims the information includes names, addresses, National ID numbers and mobile phone numbers.

Cyber-security experts have verified that at least some of a small sample of the data offered is real.

The 23 terabytes of data is thought to be the largest ever sale of data on record and was being offered for $200,000 until the post was removed on Friday.

No Chinese officials have responded to the news and President Xi did not make direct reference to the data sale.

But, according to the South China Morning Post, the President has asked public bodies in China to “defend information security… to protect personal information, privacy and confidential corporate information” to ensure people feel secure when submitting data for public services.

On Friday, the moderators of the website where the sale was listed, by a user called ChinaDan, posted a notice which read: “Dear Chinese users, welcome to our forum. You most likely came here because of the Shanghai police database leak. The data is no longer being sold, and posts related to this topic have been deleted.”

The website administrators then added that they have many other similar and high quality Chinese databases for sale, adding: “We are not in China and we are not Chinese, so we do not have to obey Chinese laws,” the BBC reported.

According to DarkTracer, which monitors cyber criminal activity, another hacker, perhaps inspired by the publicity surrounding ChinaDan’s offer, posted an advert on Tuesday for 90 million Chinese citizen records, which the hacker claims to have stolen from Henan National Police (HNGA).

None of that data has been verified.

“It remains unclear exactly why the data has been withdrawn,” the BBC quoted Toby Lewis, global head of threat analysis at Darktrace, as saying.

“The original offer of sale suggests that the hacker was looking to sell the data to several buyers without exclusivity, rather than just one.

“So one theory is that for a high enough price exclusivity could have been bought, and that kind of purchase could possibly have been made by the Chinese state itself,” he added.

ALSO READ: Reshaping Hong Kong into China with controls, surveillance

[mc4wp_form id=""]