Hackers claim to steal personal data of over a billion people in China
The attackers have reportedly offered to sell over 23 terabytes of data for 10 bitcoin


Hackers have reportedly stolen the data of around one billion Chinese citizens from a Shanghai police database, in what experts are calling the largest cyber security breach in the country's history.
The unidentified attackers, who have claimed they are responsible for the attack, have offered to sell over 23 terabytes of stolen data, as reported by Bloomberg.
This includes names, addresses, birthplaces, national IDs, phone numbers and criminal case information, the attackers revealed in an anonymous post on an online forum last week. The hackers were also asking for 10 bitcoin, worth around $190,000 (£159,500).
Zhao Changpen, founder and CEO of Binance, tweeted today that the company detected a breach of one billion resident records for sale on the dark web from one Asian country, although didn’t specify which country. He said that this was likely due to a bug in an ElasticSearch deployment by a government agency. As a result, Binance has increased its security verification procedures for users who have been affected.
Shanghai authorities and the Cyberspace Administration of China haven’t responded to the alleged hack so far.
The US and other nations around the world have identified China in the past as one of the world’s biggest sources of cyber criminals. New Zealand, for example, claimed in July 2021 that there were links between Chinese state-sponsored actors APT40 and malicious cyber activity in the country.
Domestic breaches in China are rarely disclosed, due to a lack of transparent reporting mechanisms. The information of dozens of Communist Party officials and industry figures like Jack Ma was said to have been exposed on Twitter in 2016, considered to be one of China’s biggest online leaks of sensitive information at the time. This was followed in 2020 by hackers claiming to have stolen account information for over 538 million users of Weibo. This year, a rights group claimed that tens of thousands of hacked files from the Xinjiang region provided evidence of the abuse of mostly Muslim ethnic Uyghurs.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
It remains unclear how the attackers gained access to the Shanghai police servers, although online cyber security experts have predicted it might have been through the breach of a third-party cloud infrastructure partner. The country’s biggest external cloud services are provided by Alibaba, Tencent, and Huawei.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.
-
The Race Is On for Higher Ed to Adapt: Equity in Hyflex Learning
By ITPro
-
Google faces 'first of its kind' class action for search ads overcharging in UK
News Google faces a "first of its kind" £5 billion lawsuit in the UK over accusations it has a monopoly in digital advertising that allows it to overcharge customers.
By Nicole Kobie
-
Latitude Financial's data policies questioned after more than 14 million records stolen
News Some of the data is from at least 2005 and includes customers’ name, address, and date of birth
By Zach Marzouk
-
Latitude hack now under state investigation as customers struggle to protect their accounts
News The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
By Zach Marzouk
-
IDCARE: Meet the cyber security charity shaping Australia and New Zealand's data breach response
Case Studies IDCARE is recruiting a reserve army to turbocharge the fightback against cyber crime not just in the region, but in the interests of victims all over the world
By Zach Marzouk
-
Australia commits to establishing second national cyber security agency
News The country is still aiming to be the most cyber-secure country in the world by 2030
By Zach Marzouk
-
Medibank bleeds $26 million in cyber costs following hack
News The company believes this figure could rise to $45 million for the 2023 financial year
By Zach Marzouk
-
TikTok's two new European data centres to address data protection concerns
News The company is under pressure to prove its user data isn’t being accessed by the Chinese state
By Zach Marzouk
-
Cyber attack on Australia’s TPG Telecom affects 15,000 customers
News It is the third cyber attack on a major Australian telco since October
By Zach Marzouk
-
Telstra blames IT blunder for leak of 130,000 customer records
News Australia’s biggest telco said that the error was due to a mismanagement of databases and not a cyber attack
By Zach Marzouk