Hacker hits Shanghai’s database
In what may be one of the largest known breaches of Chinese personal data, a hacker has offered to sell a Shanghai police database that could contain information on perhaps 1 billion Chinese citizens.
The unidentified hacker, who goes by the name “Chinadan,” posted in an online forum last week that the database for sale included terabytes of information on 1 billion Chinese. The scale of the leak could not be verified. The New York Times confirmed parts of a sample of 750,000 records that the hacker released to prove the authenticity of the data.
The hacker, who joined the online forum last month, is selling the data for 10 bitcoin, or about $200,000. The individual or group did not provide details on how the data was obtained.
Over the years, authorities in China have become expert at amassing digital and biological information on people’s daily activities and social connections. They parse social media posts, collect biometric data, track phones, record video using police cameras and sift through what they obtain to find patterns and aberrations.
But even as Beijing’s appetite for surveillance has ramped up, authorities have appeared to leave the resulting databases open to the public or left them vulnerable with relatively weak safeguards.
China’s government has
worked to tighten controls over a leaky data industry that has fed internet fraud. Yet the focus of the enforcement has often centered on tech companies, while authorities appear to be exempt from strict rules and penalties aimed at securing information at internet firms.