Recently, a large-scale sale of personal information has caused a stir in Chinese society. The information is said to have been stolen from the Shanghai Public Security System database and includes the household data of 1 billion people. Furthermore, a person claiming to be a hacker caused a stir when he offered to sell information of 1 billion Chinese people for 10 bitcoins (about $200,000). This news quickly became the discussion center of the online community, and it remains to be verified whether the information is accurate or not.
If true, it would be one of the most significant data breaches in Chinese history.
According to China’s MnewsTV, on July 2, Telegram reported that the Shanghai Public Security System database was hacked. The source said that after infiltrating the Shanghai Public Security system, the hacker obtained a vast amount of data, up to 23.88TB, including the personal information of about 1 billion people and billions of pieces of information related to police work.
Leaked information regarding residents of many provinces and cities in China includes name, gender, age, place of birth, photo ID, and mobile phone number; the police information consists of the crime’s time, phone number, and identity of the person reporting the crime.
Billions of police intelligence data, including the reporter’s phone number, the specifics of the incident described by reporters, suspicions of subversive state crimes, etc., are all included.
According to sources, this incident is probably the most terrible information leak since the Communist Party of China was founded in 1949.
Reuters also reported on this matter when an internet user named “ChinaDan” was accused of posting on the hacker forum “Breach Forums” last week, offering to sell more than 23 terabytes of data for 10 bitcoins or roughly $200,000.
Mainland free media websites once posted on the Zhihu website that on June 30, a netizen with the ID “ChinaDan” posted a notice on a forum in a Chinese cyber security circle. It said that the database of an organization in Shanghai (SHGA.gov.cn) was hacked. However, this post was removed by Zhihu’s network administrator within seconds.
The Epoch Times said they could not contact ChinaDan, and the post was widely discussed over the last weekend on China’s Weibo and WeChat social media platforms.
On July 3, discussions with the content “The database of an organization in Shanghai is suspected of being leaked, the data of billions of Chinese citizens is sold for $200,000” and the hashtag “data leak” were blocked on Weibo.
Visiontimes quoted netizens exclaiming: “I see it, I see mine!”; and “Last year I had a collision with another person and paid compensation, all the details of myself and that person are (in) here.”
Population expert Yi Fuxian said on Twitter on July 4, “Shanghai Public Security Database leaked population data of 1 billion people. Among them, data of 250,000 people have been made public. I have obtained population data by age and gender. I have conducted a detailed analysis. The extent of China’s population crisis is beyond anyone’s imagination!”
Mr. Yi Fuxian also said: “The data of these 250,000 people is very random. Using regular phrases to search for 4,775 independent district names (with repetition in different spellings, there are actually less than 3,000 districts in reality). For example, there are Mohe in Heilongjiang, Tengchong in Yunnan, Yark in Xinjiang, Guzhang in Hunan with 100,000 people, Foping in Shaanxi with 20,000 people, and Zanda in the Ali region of Tibet with several thousand people. I also found the village next to mine.”
In recent years, there have been many reports of information leaks from the personal databases of mainland Chinese citizens.
Mainland media reported that, on June 21, 2021, the database information of Chaoxing Xuetong University’s student learning software was suspected to be publicly offered for sale. The alleged leaked data included almost 173 million pieces of information such as name, mobile number, gender, school, student ID, and email address.
On April 19, 2021, the mainland’s official media Economic Information Daily also reported that billions of personal information are available at set prices and have a set value.
According to the report, through logging into Telegram and the dark web of industry insiders, hundreds of millions of accurate personal information in various categories are displayed and sold publicly. Including information about an individual’s whereabouts, credit information, property information, contact files, and even facial recognition can be easily obtained with a click on the paying section. As a result, human trafficking is rampant, and the volume of information and transactions is staggering.
Analysis indicates that the information is highly reliable
Regarding the suspicious data leak incident of the Shanghai Public Security System, Lai Jianping, a master of international law from the China University of Political Science and Law, analyzed it with Epoch Times on July 4. He said that the authenticity of the data samples related to the leak could not be confirmed. In addition, there are too many data samples, and most of them have not been checked, so that the information may be flawed.
Lai Jianping said that based on the data samples, he checked at least the police intelligence data, including the content of the specific case, the data of the accept (who wrote the accept, information about the accept, application, the case closing), identification data (links to many identification photos including ID cards, residence cards, driver’s licenses, passports and images of the controlled people in detention centers and hotels).
In addition, there are logistics data (suspected to have been submitted directly to police by relevant applications), i.e., the content contained in the courier service’s petitions, names, and phone numbers of the people involved.
An Internet observer believes the news is accurate and believes an insider carried out the incident. Epoch Times quoted him as saying: “The data of the Shanghai Public Security Bureau is very valuable, so the leak was intentional because it could be sold for money; they sold internal data.”
He said that the cloud storage of the Shanghai Public Security System must certainly have loopholes, but in this case, the probability is very low. They will make excuses and say that hackers attacked them.
“This database is very large, and it must relate to many different aspects, such as the flow of people from Xinjiang to Shanghai, such as information on human rights activists,” he said. “It is not possible that the Shanghai Public Security System was hacked, because not only Shanghai, but the whole country has these databases. Why only Shanghai was hacked, 100% was disclosed from internal source(s).”
Moreover, Shanghai is the headquarters of Jiang Zemin’s faction, which opposes Xi Jinping’s faction, and this time is before the 20th National Congress of the CCP.
According to the Epoch Times, Jin Chun, a former engineer at Huawei’s Nanjing Research Institute, also believes the news is credible. Still, he says it is probably an attack by a hacker.
He explained: “Any CCP network has loopholes that hackers can break. The CCP doesn’t need to create such fake news, which is not good for itself. These data, whether it’s real or not, can be verified, so I don’t think it can be faked.”
He believes it is not an insider leak because the risk is too great, and the Chinese have no direct motive. Instead, technicians are more likely to discover vulnerabilities that are not quickly fixed and are not being reported in time. In addition, the epidemic in Shanghai is so chaotic that it is also possible that the network vulnerability is not taken care of.
Jin Chun said that the CCP’s so-called cyber security appears ostensibly impregnable but is full of loopholes.
He said: “I used to work at Huawei to test vulnerabilities in Huawei’s cloud storage system. I discovered dozens of network security vulnerabilities. If I take good advantage of these holes, data leakage of Huawei’s cloud storage is entirely possible. Shanghai Public Security’s storage system is not even as secure as Huawei’s cloud system. It is more likely to be trespassed.”
Jin Chun said that this incident raised concerns about the personal security of Chinese people. The Chinese regime knows very well the personal information of its citizens. The CCP is the biggest violator of people’s information privacy.