Allegedly one billion records stolen from Shanghai police

A hacker claims to have stolen a billion records of Chinese citizens from the Shanghai police. According to Reuters, he is offering these for 10 bitcoins – a little more than 190,000 euros at the current rate – in a Darknet forum. The dataset is said to be more than 23 terabytes.

The database is said to contain information on one billion Chinese. It includes several million case files and thus data such as name, address, place of birth, national ID number, cell phone number and all details of the criminal cases.

Cryptocurrency trading platform Binance CEO Zhao Changpeng tweeted that a data leak in an Asian country has tightened the verification process for affected users.

Changpeng also explains that the data leak was probably due to a faulty Elasticsearch installation at a government agency. However, he does not explicitly state whether he means the case with the police in Shanghai.

Biggest leak yet?

Much is still unclear at the moment and nothing can be verified, explains Reuters. If the data leak turns out to be real, it would probably be the biggest leak ever.

The incident is also a plea for data economy: data that is not available, collected and stored cannot be stolen. Against this background, the fact that Europol’s mandate for mass surveillance has come into force and also enables the evaluation of data from unsuspicious persons is particularly explosive.

Data leaks from Elasticsearch misconfigurations are common. Earlier this year, the CCC warned of 50 data leaks involving over 6 million records, a “quarter [..] was even “conveniently searchable” via unsecured “cloud search” with Elasticsearch.