Hackers are selling personal records of Chinese citizens stolen during a cybersecurity breach that allegedly targeted a database of Shanghai National Police (SHGA).
The security breach, which occurred sometime in 2022, exposed the personal data of over 1 billion Chinese citizens. The information has now been put it up for sale on both the open and the dark web. It includes names, addresses, government ID numbers, mobile numbers and other sensitive details.
One anonymous hacker who goes by ChinaDan is claiming to sell the stolen information in exchange for 10 bitcoin ($200,000). ChinaDan posted the offer on Breached.to, a hacking forum used by black hat hackers.
Binance CEO Changpeng Zhao said in a Twitter post over the weekend that the exchange's threat intelligence systems detected that 1 billion resident records from “one Asian country” were put up for sale on the dark web. The exchange claims to have ramped up its verification processes for those affected by the breach.
Zhao added that the breach may have occurred due to a buggy deployment of ElasticSearch, a popular search and data analytics tool used by enterprises.
Kenny Li, the co-founder of web3 privacy project called Manta Network, told The Block that the breach may have implications for the crypto industry. "The stolen data could be used to exploit users and do things like phishing attacks to steal keys or unauthorized access to applications like centralized exchanges," Li said.