The suspected leak from the Shanghai police database could be one of the most high-profile data breaches in history, according to experts.
Last week, someone using the pseudonym "ChinaDan" posted on the online hacking site Breach Forums offering to sell roughly 24 terabytes (24 TB) of data, including what they claimed to be information on "several billion case records," for 10 Bitcoins, worth approximately $200,000.
If confirmed, the leak would be one of the biggest data breaches in history, and hackers claim to have gotten a great deal of information on 1 billion Chinese from a Shanghai police database.
The data supposedly includes information from the database of the Shanghai National Police, including names, addresses, national identification numbers, and mobile phone numbers, as well as case records.
A sampling of data obtained by the news agency Associated Press included names, birthdates, ages, and mobile phone numbers.
One individual was recorded as having been born in "2020," and their age was listed as "1," indicating that data pertaining to minors may have been compromised.
Initially, the data leak prompted discussion on Chinese social media platforms such as Weibo, but since then, censors have blocked keyword searches for "Shanghai data leak."
One person expressed skepticism until they were able to verify some of the exposed personal information by searching for individuals on Alipay using their personal information.
They wrote in a Weibo post, "Everyone, please be cautious in case there are other phone scams in the future!"
Another Weibo user wrote that the disclosure indicates everyone is "running nude" - slang for lacking privacy - and that it is "terrifying."
Kendra Schaefer, partner and head of technology at Trivium China, stated in a tweet that it is "difficult to separate fact from rumor mill, but can confirm file exists."
According to Michael Gazeley, general director of the Hong Kong-based security firm Network Box, such data dumps are pretty typical.
Approximately 12 billion hacked accounts are currently available on the Dark Web. That's more than the global population, he remarked, adding that the United States is responsible for the majority of data leaks.
Chester Wisniewski, chief research scientist at cybersecurity firm Sophos, said that the breach is "extremely embarrassing to the Chinese government," and the political cost would undoubtedly outweigh damage to the people whose data was leaked.