August 9, 2022

Image credit: Yahoo

Security warning after sale of stolen Chinese data

Following a hacker’s promise to sell one billion Chinese citizens’ personal information, President Xi Jinping encouraged government organisations to “protect information security.”

The user claimed that the data was taken from Shanghai National Police in an advertisement on a criminal forum that was later taken down.

According to the hacker, names, residences, National ID numbers, and mobile phone numbers are included in the material.

Cybersecurity professionals have confirmed that at least a portion of a small sample of the provided data is accurate.

The 23 terabytes of data, which were being offered for $200,000 (£166,000) until the post was taken down on Friday, is reportedly the highest amount of data ever sold.

President Xi did not specifically mention the data trade, and no Chinese officials have replied to the revelation.

To ensure citizens feel secure when providing information for public services, the president has reportedly instructed Chinese public institutions to “defend information security to protect personal information, privacy, and private corporate information,” according to the South China Morning Post.

DarkTracer, a company that tracks online criminal activity, reports that on Tuesday, a different hacker posted an advertisement for 90 million Chinese citizen records that he claimed to have stolen from Henan National Police. This hacker may have been motivated by the publicity surrounding ChinaDan’s offer (HNGA). All of those facts have not been proven.

Mr Lewis thinks that the authorities in China, who purportedly prohibited talk of the auction on Chinese social networks soon after it was publicised, may have been quite concerned by the information that was leaked.

A multinational police operation directed by the FBI in April resulted in the seizure and closure of a well-known hacking website called Raid Forums.

The Croydon-based British man and the Portuguese founder of the website were both taken into custody.

Hackers can send phishing emails and other malicious assaults to deceive individuals into giving money to criminals by using large data sets like the Chinese cache.

However, since the data has vanished, it might never be possible to confirm it.

Another possibility is that the website admins found the data and ChinaDan to be bogus.

Louise Ferrett, a Threat Analyst at Searchlight Security, believes the information might be accurate.