A cyberthief going by the name ‘China Dan’ claims to have stolen personally identifiable information of 1 billion Chinese citizens.
According to an ad seen by Bleeping Computer on a dark web marketplace, the threat actor says the database contains 22 terabytes of records exfiltrated from Shanghai National Police servers. China Dan is selling the database, allegedly containing the residents’ names, addresses, contact information and criminal record checks, for 10 Bitcoin.
"In 2022, the Shanghai National Police (SHGA) database was leaked,” the post reads.
“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: Name, Address, Birthplace, National ID Number, Mobile number, All Crime / Case details.”
The hacker also shared a sample containing 750,000 records of user data for potential buyers check out.
The breach was confirmed by Binance’s CEO, who said the leak was probably due to a misconfiguration on an ElasticSearch database server.
“Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country,” Zhao Changpeng tweeted. “Likely due to a bug in an Elastic Search deployment by a gov agency.”