Cyber criminals have made their way into a Shanghai National Police database, in the largest exploit of personal information in the country’s history.
Residents of China are reeling today from the news that a cybersecurity breach led to the personal information of more than a billion people being made available to hackers. The sensitive data came from a Shanghai National Police (SHGA) database that was left unsecured in what is the largest cybersecurity gap in the country’s history.
The nature of the exploit was discovered on July 5, when a cybercriminal, with the username ChinaDan, accessed the vast amount of information held by Chinese citizens on a web forum for the amount of $200,000, or 10 Bitcoin.
On the forum, the hacker wrote: “In 2022, the SHGA database was leaked. This database contains a lot of TB of data and information about billions of Chinese citizens [sic]† Databases contain information on 1 billion Chinese national residents and several billion records, including: name, address, place of birth, national ID number, mobile number, all crime/case details.”
According to cybersecurity experts, the data on the SHGA server was stored securely until an adversary arranged a gateway, which allowed the server’s firewall to be breached. According to the New York Timesthe gateway to the SHGA database was not password protected.
TO SEE: Password Breach: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)
The scope of the security breach
The attack allegedly took place due to SHGA’s unsecured servers, leading to the vulnerability of the sensitive information. Chinese authorities have been known to collect massive amounts of data about their citizens in various ways by tracking their movements, their social media posts, and even going so far as to log the DNA in of some of its citizens.
This amount of personal information available to everyone may seem overwhelming to people in the western world, but in China, both the tendency towards unsecured servers and the amount of sensitive data collected is nothing new. According to the New York Times report, several citizens said they were not afraid that their information would become available online.
The SHGA breach isn’t the only database of security vulnerabilities, as a separate anonymous poster is offered to sell data related to another police database, this time in Henan, which is home to more than 90 million people.
It remains to be seen which person or group will claim responsibility for the attack, but an extensive amount of information about the citizens of Shanghai is on the internet for possible purchases.
