As many as one billion Chinese citizens’ personal information could be at risk after hackers accessed the Shanghai police database. It has emerged that Shanghai police servers suffered a breach earlier this month. However, it’s not clear how the claimed cyber attackers obtained access. Nonetheless, some cybersecurity experts have dubbed it the largest hack in history. The unnamed hackers requested 10 BTC, which is worth approximately $200,000.
What’s at stake in the Shanghai police hack
More than 23 gigabytes of stolen data have been offered for sale by the individual or group claiming responsibility for the Shanghai police hacking. According to an anonymous post on an internet cybercrime forum last week, names, residences, birthplaces, national IDs, phone numbers, and criminal case information are at risk of exposure. One prevalent notion that surfaced online among cybersecurity professionals was that the data breach was came via a third party and a cloud infrastructure provider.
Even though China has refused to address the purported breach, the situation remains tense. However, it is a well-known fact that China is typically reclusive with its cyberspace control mechanisms. Even more importantly, this attack touches on a sensitive national security subject, which enhances China’s rationale for not responding publicly.
The breach also serves as a reminder of the inherent dangers of cryptocurrency. Cryptos have become a popular ransom payment method for many online criminals. While it is possible to follow the money trail using crypto wallets, it can take a long time.
China’s security community appear shocked by the magnitude of the purported leak. This has sparked skepticism about the authenticity of this claim and how it may have occurred. The alleged hack has elicited no public response from Shanghai police or officials. On Monday, Binance CEO Zhao Changpeng announced via a tweet that the company has discovered a massive breach. Additionally, he said that the company has subsequently stepped up verification measures for users who may have been affected.