Shanghai police database leak

Data breach affecting China

The Shanghai police database leak refers to the unauthorized disclosure of sensitive personal information and police case data from the Shanghai National Police Database, also known as the SHGA Database, in early July 2022. The leaked data, totaling over 23 terabytes, includes details of more than one billion Chinese residents, encompassing names, addresses, birthplaces, resident ID card numbers, phone numbers, photos, mobile phone numbers, and information on criminal cases. The data was made available for sale on the internet by an unidentified hacker, who demanded a price of 10 bitcoins.[1][2]

The origin of the leaked information is believed to be the Shanghai Public Security Bureau, although this has not been officially confirmed. Screenshots shared online revealed a vast amount of detailed police information, such as the times at which criminals were reported, the contact numbers of the people who reported them, and the reasons for the reports. Notably, initial analysis indicated that the personal data originated from residents all across mainland China, rather than being limited to Shanghai alone.[3][4]

If the reported volume of data is accurate, the Shanghai police database leak would be regarded as the largest and most significant incident of its kind since 1949.[5] The news of the leak faced censorship on the social platform Weibo in mainland China, potentially to impede its spread. The authorities have not yet acknowledged or publicly addressed the incident. Despite inquiries sent by Bloomberg to the Central Cyberspace Administration of China and the Shanghai Police Bureau, no responses have been received thus far. Bloomberg criticized the lack of transparency and disclosure surrounding data breaches in the People's Republic of China, citing previous incidents such as the leakage of personal information of Communist Party members in 2016, the Weibo account information leak in 2020, and the information leakage from Xinjiang re-education camps in 2022.[3] Cybersecurity researcher Vinny Troia claimed he discovered the leak over a year before the server was eventually shut down.[6]

Sources

  1. Ni, Vincent (2022-07-04). "Hacker claims to have obtained data on 1 billion Chinese citizens". The Guardian. ISSN 0261-3077. Retrieved 2023-05-14.
  2. "Hackers offer data on 1 billion Chinese after alleged leak". www.aljazeera.com. Retrieved 2023-05-14.
  3. "Hackers Claim Theft of Police Info in China's Largest Data Leak". Bloomberg. 2022-07-04. Retrieved 2022-07-04.
  4. "Shanghai public security system reportedly hacked; personal data of 1 billion citizens on sale for US$200,000 | Cross-Strait | Central News Agency CNA". Central News Agency (in Chinese). 4 July 2022. Retrieved 2022-07-04.
  5. "Shanghai police database reportedly hacked; information on 1 billion mainland residents peddled online for US$200,000". United Daily News (in Chinese). 2022-07-04. Retrieved 2022-07-04.
  6. Hao, Karen (6 July 2022). "China Police Database Was Left Open Online for Over a Year, Enabling Leak". Wall Street Journal. Retrieved 23 November 2022.