Hacker offers to sell Shanghai police database containing details of 1 billion Chinese residents | Science and technology news

A hacker is offering to sell a gigantic Shanghai police database that it says contains confidential information on around a billion Chinese residents — including their names, addresses, dates of birth, and crime and case reports.

Dubbed ChinaDan, the hacker says the database also includes photos used in official documents or captured by facial recognition systems.

If the claim is true, it would amount to one of the largest data breaches in history, especially given the nature and volume of personal data. The asking price for the database is 10 Bitcoin – worth around £169,000 at the time of publication.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many [terabytes] of data and information on billions of Chinese citizens,” ChinaDan posted on Breach Forums, a hacking forum.

“Databases contain information on 1 billion Chinese residents and several billion case records including: name, address, place of birth, national ID number, mobile phone number, all crime/case details.”

Some information released as a sample appeared to be correct – the Wall Street Journal and AFP contacted some of the individuals in the sample, who verified sensitive personal information.

Chinese authorities have not publicly commented on the breach. Related search terms, including “data leak,” were censored on Chinese social media.

The Chinese government routinely collects a staggering amount of data about its own citizens, e.g. when boarding trains, planes or checking into hotels, and CCTV surveillance is ubiquitous in some places. Beijing police said in 2015 that “every corner” of the city was covered by video surveillance. Many of these cameras have facial recognition capabilities.

In November last year, China introduced the country’s first comprehensive privacy law, imposing tougher restrictions on what companies can do with user data and how they must store it.

However, this law regulated private companies’ access to data rather than government and police databases.

The magnitude of the data leak would make it one of the largest in history. In 2013, Yahoo said all of its three billion accounts had been hacked in what is believed to be the largest breach in history, although the personal information stolen was less sensitive than the Shanghai police leak, if true.