Hacker claims to have obtained data on 1 billion Chinese citizens

dahartigan Member

https://www.theguardian.com/technology/2022/jul/04/hacker-claims-access-data-billion-chinese-citizens

A hacker has claimed to have stolen the personal information of 1 billion Chinese citizens from a Shanghai police database, in what would amount to one of the biggest data breaches in history if found to be true.

The anonymous hacker, identified only as “ChinaDan”, posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000 (£165,000).

Comments

  • LTniger Member

    Probably 0 Fs given as data is in Chinese.

  • @dahartigan said: The anonymous hacker, identified only as “ChinaDan”, posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000 (£165,000).

    Sir, you're doing a great disservice to LET by not posting a direct link to the thread to the forum where this is discussed.

    Thanked by 1 dahartigan
  • @stevewatson301 said:

    @dahartigan said: The anonymous hacker, identified only as “ChinaDan”, posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000 (£165,000).

    Sir, you're doing a great disservice to LET by not posting a direct link to the thread to the forum where this is discussed.

    I was hoping there was a direct download link of the entire leak by now, I would have shared that instead /s

  • valk Member
    edited July 5

    @stevewatson301 said:

    @dahartigan said: The anonymous hacker, identified only as “ChinaDan”, posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000 (£165,000).

    Sir, you're doing a great disservice to LET by not posting a direct link to the thread to the forum where this is discussed.

    Well yes because he's doing copy paste, just only it. You need to go find it yourself I guess.

  • bdl Member

    "ChinaDa"nhartigan

  • edited July 5

    @bdl said:
    "ChinaDa"nhartigan

    Well it’s a problem affecting Australia at large.

    Thanked by 2 dahartigan BlaZe
  • bdl Member

    @stevewatson301 said:

    @bdl said:
    "ChinaDa"nhartigan

    Well it’s a problem affecting Australia at large.

    We have a huge problem with people called "Dan" in Australia :(

    Thanked by 1 dahartigan
  • SirFoxy Member

    Irrelevant to the thread, but, love you @dahartigan hope you're doing well.

    Thanked by 2 bdl dahartigan
  • @bdl said:
    "ChinaDa"nhartigan

    Shiiiit, my cover has been blown.

    @SirFoxy said:
    Irrelevant to the thread, but, love you @dahartigan hope you're doing well.

    Love you too brother, I'm good thanks, hope you are too!

    Thanked by 2 SirFoxy bdl
  • @valk said:

    @stevewatson301 said:

    @dahartigan said: The anonymous hacker, identified only as “ChinaDan”, posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000 (£165,000).

    Sir, you're doing a great disservice to LET by not posting a direct link to the thread to the forum where this is discussed.

    Well yes because he's doing copy paste, just only it. You need to go find it yourself I guess.

    And here we go.
    https://breached.to/Thread-Selling-2022-SHGA-Shanghai-Gov-National-Police-database

    Thanked by 3 valk Cabbage dahartigan
  • The leak happened because apparently some developer wrote a post POST on CSDN and also included the credentials for the db.

    Details:

    Thanked by 2 jmaxwell TimboJones
  • jmaxwell Member

    @rattlecattle said:
    The leak happened because apparently some developer wrote a post POST on CSDN and also included the credentials for the db.

    Details:

    The developer and his family will now disappear mysteriously lol.

    Is this the new raidforums ?

  • @jmaxwell said: Is this the new raidforums ?

    Believe so.

  • stefeman Member

    It is apparently legit sadly.

  • What's with censoring the links? Every security researcher seems to have a thing where they go to great lengths to hide the original source of the data, the only kicker being those who are on the lookout for such leaks already know the sources.

  • stefeman Member

    @stevewatson301 said:

    What's with censoring the links? Every security researcher seems to have a thing where they go to great lengths to hide the original source of the data, the only kicker being those who are on the lookout for such leaks already know the sources.

    Against ToS of LET since that is directly sharing personal info. Not to mention that one of my co-workers is from Shanghai. No way I'd want to risk that they're in that sample by any chance, not to mention spreading it.

    Besides, the topic was linked above anyway.

  • @stefeman said: No way I'd want to risk that they're in that sample by any chance, not to mention spreading it.

    Because certainly the bad guys are gonna protect it as you wish for. /s

    Thanked by 1 BlaZe
  • Jake4 Member

    Is it wrong to say this breach may be good since it may provide additional details about the Uyghur arrests

  • ralf Member

    @stefeman said:
    Not to mention that one of my co-workers is from Shanghai. No way I'd want to risk that they're in that sample by any chance, not to mention spreading it.

    If they have data on 1 billion people, there's a 70% chance that they're in it regardless of where they live in China. It's so big, I guess they had the data from everyone from pretty much any metropolitan area.

  • kasodk Member

    @dahartigan said:

    @SirFoxy said:
    Irrelevant to the thread, but, love you @dahartigan hope you're doing well.

    Love you too brother, I'm good thanks, hope you are too!

    LET = LowEndDating.com

    The domain is free.

  • stefeman Member
    edited July 5

    I don't want to get my post deleted by LET mods, or get fucked by CCP next time I visit Hong Kong as a tourist again.

    That was one of the reasons.

  • This is probably not on par with when the Chinese hacked the US's internal secure network and got the passports and blackmail info on every person who's gotten security clearance. That's as bad as it gets.

  • @kasodk said:

    @dahartigan said:

    @SirFoxy said:
    Irrelevant to the thread, but, love you @dahartigan hope you're doing well.

    Love you too brother, I'm good thanks, hope you are too!

    LET = LowEndDating.com

    The domain is free.

    T != D.

  • Lingyu Member

    @rattlecattle said:
    The leak happened because apparently some developer wrote a post POST on CSDN and also included the credentials for the db.

    Details:

    That's true, however the database (or storage) is in the Gov's private network,
    even if you have the key, you can't log in to it (ga.sh is a domain for the private network, not actually used on the internet),
    so how can he link to the GOV's network?

  • bdl Member

    @Lingyu said:

    @rattlecattle said:
    The leak happened because apparently some developer wrote a post POST on CSDN and also included the credentials for the db.

    Details:

    That's true, however the database (or storage) is in the Gov's private network,
    even if you have the key, you can't log in to it (ga.sh is a domain for the private network, not actually used on the internet),
    so how can he link to the GOV's network?

    pretty sure the ga.sh was leaking and already has been violated

  • emg Member
    edited July 6

    Sorry to hijack the thread, but I feel angry and PO'd at this report.

    This is an example of why I get so very tired of dealing with people who argue for legally authorized access to encrypted data. The argument always boils down to, "We are the government. By definition, you can trust us to access your data only under legal authority and protect your data to keep it safe and secure."

    Most of the time, the people who say that are the most honest, best people I know. Typically, their mission is to protect their fellow citizens and they want to do good. They truly believe that they can keep our data safe and secure while retaining access only for legitimate needs. They may be well meaning and very intelligent, but often have little or no background in computers, networks, or information security.

    It never works, and no amount of contrary experience nor the counsel of experts trained in the art will dissuade them. The "revolving door" ensures that there is a fresh crop of eager new true believers who will push for the same legally authorized access with the same promises of protections.

    Right now, I am feeling very discouraged and tired and angry. Yeah, it is merely another huge breach where a government could not secure a large pool of very sensitive data, but I am so tired of hearing the same story over and over.

    I have heard that "crazy" is when you don't change anything, but you expect something different to happen.

    My new definition of crazy is where the consequences of a basic error are huge, yet you build data systems where you assume that the design and implementation will be perfect and nobody will make an exploitable mistake, ever. That is how today's data security is supposed to work.

  • @emg said: Most of the time, the people who say that are the most honest, best people I know. Typically, their mission is to protect their fellow citizens and they want to do good.

    You have a very charitable interpretation of law enforcement's actions. From what I've seen, they're people who are so enamored with the concept of delivering justice that they don't understand that they shouldn't cross because it comes at the huge cost of citizen privacy.

    Although, to be fair, people look at things differently, so I'm sure some folks in law enforcement are looking at this post and are like, "yeah, we're so committed to delivering justice and we won't let anything come our way to prevent that from happening" and being proud of it.

  • emg Member

    @stevewatson301 said:

    You have a very charitable interpretation of law enforcement's actions. From what I've seen, they're people who are so enamored with the concept of delivering justice that they don't understand that they shouldn't cross because it comes at the huge cost of citizen privacy.

    Although, to be fair, people look at things differently, so I'm sure some folks in law enforcement are looking at this post and are like, "yeah, we're so committed to delivering justice and we won't let anything come our way to prevent that from happening" and being proud of it.

    I can't speak to your experience with law enforcement, so there is no basis for comparison.

    I disagree with the way you characterized my statement. I also strongly disagree with the generalizations you used to characterize the people who work in law enforcement, although in any such large group you will find individuals who match your description.

    Thanked by 1 mrTom
  • default Member
    edited July 6

    They were right all along! They're losing millions!

    Thanked by 1 mrTom