Chinese authorities are reportedly scrambling to quiet online discussion of the alleged leak of more than 1 billion Chinese citizens’ personal data — a breach that experts say could be among the largest in history.
Speculation surged over the weekend on Chinese social media platforms such as Weibo and WeChat after a hacker who self-identified as “ChinaDan” offered to sell a massive 23-terabyte trove of data purportedly pilfered from a police database in Shanghai.
The data haul purportedly contains sensitive personal information ranging from names and addresses to criminal history and ID numbers.
The hacker responsible for the apparent breach sought to sell the information for 10 bitcoin, or the equivalent of about $200,000, according to a post on Breach Forums.
However, posts and hashtags linked to discussions about the validity of the alleged hack were reportedly stifled shortly after they emerged. Widely used hashtags such as “data leak” and “1 billion citizens’ records leak” are no longer accessible on Weibo on Tuesday, the Financial Times reported.
One prominent Weibo user said authorities had removed a post about the data breach and contacted her to discuss the social media activity, according to the outlet.
Meanwhile, messaging app WeChat reportedly removed news related to the hack as well as posts explaining the potential fallout for Chinese citizens whose information was leaked. Chinese search engine Baidu displayed few results related to a data breach.
The Breach Forums post revealing the leak first surfaced last Thursday.
“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen,” the post said, according to Reuters.
“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details,” the post added.
Representatives of Shanghai’s government and police department have yet to publicly address the hack.
If confirmed, the data leak would be one of the most extensive hacks on record. The entire Chinese population consists of about 1.4 billion residents.
A breach also could increase scrutiny on Chinese authorities.
Zhao Changpeng, the CEO of cryptocurrency firm Binance, said his firm had “detected 1 billion resident records for sell in the dark web.”
He added that the information was available “likely due to a bug in the [Elasticsearch] deployment by a gov agency.” The Binance CEO did not specifically reference China or the Shanghai police department.
“@Binance has already stepped up verifications for users potentially affected,” he added.