A cyberthief going by the name ‘China Dan’ claims to have stolen personally identifiable information of 1 billion Chinese citizens.
According to an ad seen by Bleeping Computer on a dark web marketplace, the threat actor says the database contains 22 terabytes of records exfiltrated from Shanghai National Police servers. China Dan is selling the database, allegedly containing the residents’ names, addresses, contact information and criminal record checks, for 10 Bitcoin.
“In 2022, the Shanghai National Police (SHGA) database was leaked,” the post reads.
“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: Name, Address, Birthplace, National ID Number, Mobile number, All Crime / Case details.”
The hacker also shared a sample containing 750,000 records of user data for potential buyers check out.
The breach was confirmed by Binance’s CEO, who said the leak was probably due to a misconfiguration on an ElasticSearch database server.
“Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country,” Zhao Changpeng tweeted. “Likely due to a bug in an Elastic Search deployment by a gov agency.”
Is your private data being sold on the dark web? Time to find out with Bitdefender’s Digital Identity Protection service. With our privacy-focused tool you can take control of your digital footprint and fend of threats to your financial wellbeing. Subscribers get 24/7 data breach monitoring and alerts for up to five email addresses so you check if your private information is part of any legal and illegal collections of data that could put you at risk of identity theft, account takeover and fraud.
Plans begin from as little as $3.33/per month. Find out more here.