Despite the Chinese government’s censorship, a sample of the stolen data has proved to be accurate personal information

Over 23TB of personal details have allegedly been exfiltrated from a Shanghai Police database.

The breach, involving data ranging from emails and national IDs to phone numbers and addresses of 1 billion Chinese residents, has been described as “the largest cybersecurity breach in the country’s history”.

The data is being ransomed for 10 BTC (around US$200,000), and the Chinese government has not publicly responded to media enquiries about the incident. On social media, a theory is circulating that the breach involved a third-party cloud infrastructure partner, but otherwise the method of attack is not confirmed. As usual, state-run media in the country have withheld coverage of this news, while the social media accounts of victims of the breach have been suspended.

According to Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software Technologies, the large database claimed to have been stolen from the Shanghai Police was actually seen on an online cybercrime forum that specializes in the trade of stolen databases. Samples of the stolen data being offered for sale have been reported to originate from the alleged government agency.

Within this forum, a variety of other China-related databases were found to be offered for sale as well, such as a China Courier Database with 66m records, allegedly stolen from ShunFeng Express in 2020, as well as other databases from Chinese driving schools.

“Cybercriminals are frequently looking for opportunities to steal databases from different organizations—in some cases using sophisticated malware families. In other cases, these hackers are scanning IP ranges of different entities to identify unprotected assets and databases, from which to steal. In this particular case, as such a large database of personal information was leaked, there is a high chance that cybercriminals may use this data for phishing and spear-phishing attacks.”

Official investigations are still ongoing.