In what could be the biggest-ever data breach, sensitive personal information about more than a billion people has been leaked from a government agency, possibly from China, and put up for sale on Dark Web for 10 Bitcoins.
Changpeng Zhao, CEO of cryptocurrency exchange Binance, tweeted that their threat intelligence detected 1 billion resident records for sale on the Dark Web.
“It includes name, address, national ID, mobile, police and medical records from one Asian country. Likely due to a bug in an ElasticSearch deployment by a government agency,” Zhao claimed in his tweet late on Monday.
“This has an impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc. It is important for all platforms to enhance their security measures in this area,” he further posted.
Binance has already stepped up verifications for users potentially affected, Zhao said.
Massive personal data dump
Media reports claimed that this leaked data may belong to Chinese citizens as a user on an underground hacking forum claimed to be selling a 23TB database for 10 Bitcoins of billions of Chinese citizens.
The information may have been leaked from the Shanghai National Police (SHGA) database, although the Chinese government was yet to react to this.
“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens,” the post by the user named ‘ChinaDan’ said that also went viral on Telegram.
“Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details,” the post added.
The data breach was also referenced by rights activist Fu Xianyi on Twitter, who said the leak was from the “Shanghai public security database”, reports RFA.
“Most likely it was leaked from Alibaba Cloud,” the report mentioned.
(With inputs from IANS)