Chinese censors are cracking down on news that the data they have pilfered from their citizens over the years is being sold for less than the price of a car.
According to reports, a hacker named "ChinaDan" told members of the hacker site that he had acquired 23 terabytes of data on 1 billion Chinese citizens. He is willing to give up data for the right price. What is the value of 1 billion people's data? It's not clear how much it's going to be, but it's probably 10bitcoin or $200,000.
According to the post, the data trove came from a leaked version of the national police database. The sample size of ChinaDan's original post was increased to 750,000. BleepingComputer included an image of the forum post that reads "Databases contain information on one billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details."
Considering that the total population of all of China is over one billion, the leak is probably overstated.
There has been no mention of the hack by the Chinese government. Reports show how much Beijing doesn't want its citizens to talk about the incident. Posts on Chinese social media that dared to mention the leak have been taken down.
The Financial Times wrote that China's version of social media, Weibo and WeChat, were already censoring any mention of data leak ordatabase breeches. At least one poster with a big follower-base was asked to come in for questioning by the censors. Chinese state media has not commented on the hack, according to the NYT.
According to the hacker, the data was taken from a cloud computer firm which they said hosts the police database in China. The records were for sale on the dark web due to a bug in an Elastic Search deployment by a government agency, according to Changpeng Zhao. They were stepping up verifications for users whose information was included in the hack.
It is possible that it is the biggest leak of data ever. It has been a big year for data breeches at multinational companies. This isn't the first time a bug resulted in leaked information. According to reports, a server at a Texas-based data firm leaked over 24 million financial and banking records.
The New York Times was able to confirm the authenticity of the original sample containing 250,000 citizens' personal information despite Gizmodo's inability to determine the authenticity of the post.
The Wall Street Journal called a few of the names and numbers contained in the larger sample and five of them confirmed that data that would be hard to come by if it wasn't gathered by police. The numbers the Journal tried were not valid.
A man who goes by the name of Wei told the Journal that they have no privacy after learning that their information was leaked.