Mystery hacker claims to have conducted one of the largest data heists in history

Data Breach
(Image credit: Shutterstock)

Personal information relating to roughly one billion Chinese citizens has reportedly been stolen in what could be one of the largest cyber heists in history.

An unknown threat actor has taken to underground forums to advertise a batch of 23TB of sensitive data, allegedly stolen from a database belonging to a Shanghai police department.

The data is said to contain people’s names, addresses, birth places, national ID numbers, phone numbers, and information on any criminal cases the individuals be involved in. The Wall Street Journal claims to have verified at least a small portion of the data.

The mystery attacker is asking for 10 bitcoin in exchange for the data, which translates to roughly $200,000 at the current market rate. 

A bug or a mishap?

According to a Bloomberg report, there has been no word from the Shanghai police, and the Cyberspace Administration of China is still silent on the matter as well.

But late last night, Changpeng Zhao, founder and CEO of cryptocurrency exchange Binance, tweeted that the company’s threat intelligence unit had detected a billion resident records going up for sale on the dark web, “likely due to a bug in an Elastic Search deployment by a gov agency".

“This has an impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.,” he added. “It is important for all platforms to enhance their security measures in this area. Binance has already stepped up verifications for users potentially affected.”

He later added that the attack had "apparently" been made possible because a government developer wrote a tech blog that “accidentally included the credentials".

A spokesperson for Elastic Search later said Binance's team "incorrectly speculated" on the causes of the breach, adding that the statement is "factually inaccurate".

"Our company was not involved, and the reference to Elastic in stories is causing concern and confusion," the spokesperson told us. "There has been no data breach of Elastic in this case."

Bloomberg reports that some cybersecurity experts, on the other hand, believe “the breach involved a third-party cloud infrastructure partner", naming Alibaba, Tencent, and Huawei as among the largest providers serving the region.

Inevitably, an incident of this kind invites comparisons with previous high-profile cybersecurity breaches to have affected China.

In 2016, for example, personal information on dozens of Communist Party officials and industry figures - from Jack Ma to Wang Jianlin - was said to have been exposed on Twitter. While in 2020, a group of criminals stole sensitive data on more than 500 million users of domestic microblogging platform Weibo.

Edit, 7.7.2022 - A spokesperson for 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.