China suffers massive cybersecurity breach affecting over 1 billion people

Cybercriminals found a way into a Shanghai National Police database, in the largest exploit of personal information in the country’s history.

Image: Adobe

Residents of China are reeling today from the news that a cybersecurity breach led to over a billion people’s personal information being made available to hackers. The sensitive data came from a Shanghai National Police (SHGA) database that was left unsecured in what is the largest cybersecurity gap in the country’s history.

The nature of the exploit was discovered on July 5, when a cybercriminal, going by the username ChinaDan, was offered access to the massive amount of Chinese citizens’ information on a web forum for the sum of $ 200,000, or 10 Bitcoin.

On the forum, the hacker wrote: “In 2022, the SHGA database was leaked. This database contains many TB of data and information on Billions of Chinese citizen [sic]. Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime / case details. ”

According to cybersecurity experts, the data located on the SHGA server was securely stored, until an adversary arranged a gateway, allowing for the server’s firewall to be breached. According to the New York Timesthe gateway to the SHGA database was not password protected.

SEE: Password breach: Why pop culture and passwords do not mix (free PDF) (TechRepublic)

The scope of the security breach

The attack is believed to have taken place due to unsecured servers of the SHGA, leading to the vulnerability of the sensitive information. Chinese authorities are known to collect massive amounts of data on their citizens through various means by tracking their movements, their social media posts and even going as far as to log the DNA of some of its citizens.

This amount of personal information available for anyone to see may seem overwhelming to those in the western world, but in China both the propensity for unsecured servers and the amount of sensitive data collected is nothing new. Several citizens according to the New York Times report said they were undaunted by the prospect of their information being made available online.

The breach of the SHGA is not the only database to have security issues, as a separate anonymous poster offered to sell data relating to another police database, this time in Henan, which houses over 90 million people.

It remains to be seen which individual or group claims responsibility for the attack, but an extensive amount of information on Shanghai’s citizens is on the internet for potential purchase.

Source

Cybercriminals found a way into a Shanghai National Police database, in the largest exploit of personal information in the country’s history.

Image: Adobe

Residents of China are reeling today from the news that a cybersecurity breach led to over a billion people’s personal information being made available to hackers. The sensitive data came from a Shanghai National Police (SHGA) database that was left unsecured in what is the largest cybersecurity gap in the country’s history.

The nature of the exploit was discovered on July 5, when a cybercriminal, going by the username ChinaDan, was offered access to the massive amount of Chinese citizens’ information on a web forum for the sum of $ 200,000, or 10 Bitcoin.

On the forum, the hacker wrote: “In 2022, the SHGA database was leaked. This database contains many TB of data and information on Billions of Chinese citizen [sic]. Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime / case details. ”

According to cybersecurity experts, the data located on the SHGA server was securely stored, until an adversary arranged a gateway, allowing for the server’s firewall to be breached. According to the New York Timesthe gateway to the SHGA database was not password protected.

SEE: Password breach: Why pop culture and passwords do not mix (free PDF) (TechRepublic)

The scope of the security breach

The attack is believed to have taken place due to unsecured servers of the SHGA, leading to the vulnerability of the sensitive information. Chinese authorities are known to collect massive amounts of data on their citizens through various means by tracking their movements, their social media posts and even going as far as to log the DNA of some of its citizens.

This amount of personal information available for anyone to see may seem overwhelming to those in the western world, but in China both the propensity for unsecured servers and the amount of sensitive data collected is nothing new. Several citizens according to the New York Times report said they were undaunted by the prospect of their information being made available online.

The breach of the SHGA is not the only database to have security issues, as a separate anonymous poster offered to sell data relating to another police database, this time in Henan, which houses over 90 million people.

It remains to be seen which individual or group claims responsibility for the attack, but an extensive amount of information on Shanghai’s citizens is on the internet for potential purchase.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

A series of vulnerabilities on the popular asset management platform Device42 could be exploited to give attackers full root access to the system, according...

Top 5 best backup practices

Give yourself peace of mind by implementing a new backup strategy with our tips....

Indian Power Sector targeted with latest LockBit 3.0 variant

Estimated reading time: 5 minutesAfter the infamous Conti ransomware group was disbanded, its former members began to target the energy and power sectors...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!