Hackers claim to steal personal data of over a billion people in China

News
By published

The attackers have reportedly offered to sell over 23 terabytes of data for 10 bitcoin

Hacker on a computer with a Chinese flag in the background
(Image credit: Shutterstock)

Hackers have reportedly stolen the data of around one billion Chinese citizens from a Shanghai police database, in what experts are calling the largest cyber security breach in the country's history.

What is China’s Personal Information Protection Law (PIPL)? China-backed hackers compromised six US government networks China slams Microsoft hack accusations as ‘groundless and irresponsible’

The unidentified attackers, who have claimed they are responsible for the attack, have offered to sell over 23 terabytes of stolen data, as reported by Bloomberg.

This includes names, addresses, birthplaces, national IDs, phone numbers and criminal case information, the attackers revealed in an anonymous post on an online forum last week. The hackers were also asking for 10 bitcoin, worth around $190,000 (£159,500).

Zhao Changpen, founder and CEO of Binance, tweeted today that the company detected a breach of one billion resident records for sale on the dark web from one Asian country, although didn’t specify which country. He said that this was likely due to a bug in an ElasticSearch deployment by a government agency. As a result, Binance has increased its security verification procedures for users who have been affected.

See more

Shanghai authorities and the Cyberspace Administration of China haven’t responded to the alleged hack so far.

The US and other nations around the world have identified China in the past as one of the world’s biggest sources of cyber criminals. New Zealand, for example, claimed in July 2021 that there were links between Chinese state-sponsored actors APT40 and malicious cyber activity in the country.

Domestic breaches in China are rarely disclosed, due to a lack of transparent reporting mechanisms. The information of dozens of Communist Party officials and industry figures like Jack Ma was said to have been exposed on Twitter in 2016, considered to be one of China’s biggest online leaks of sensitive information at the time. This was followed in 2020 by hackers claiming to have stolen account information for over 538 million users of Weibo. This year, a rights group claimed that tens of thousands of hacked files from the Xinjiang region provided evidence of the abuse of mostly Muslim ethnic Uyghurs.

It remains unclear how the attackers gained access to the Shanghai police servers, although online cyber security experts have predicted it might have been through the breach of a third-party cloud infrastructure partner. The country’s biggest external cloud services are provided by Alibaba, Tencent, and Huawei.

Zach Marzouk
Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.

More about data breaches
Cybersecurity concept image symbolizing third-party data breaches with give padlock symbols and one pictured in red, signifying a security breach.

These five countries recorded the most third-party data breaches last year
Oracle logo pictured on the front of the company headquarters in Redwood City, California.

Oracle breach claims spark war of words with security researchers
Digital handshake concept with Hand shake between two businessmen with digital hand

SYSPRO appoints Josef Al-Sibaie to spearhead global expansion
See more latest
Most Popular
Digital handshake concept with Hand shake between two businessmen with digital hand
SYSPRO appoints Josef Al-Sibaie to spearhead global expansion
ChatGPT logo and branding pictured in white coloring against a black backdrop.
DeepSeek and Anthropic have a long way to go to catch ChatGPT: OpenAI's flagship chatbot is still far and away the most popular AI tool in offices globally
A telephoto shot of Evan Goldberg, founder and EVP at Oracle NetSuite, pictured from the waist up speaking onstage at the opening keynote of SuiteConnect London 2025.
‘Every feature that comes into NetSuite over the coming years is going to have AI’: NetSuite’s Evan Goldberg on the future of the platform and how AI will drive customer success
Cybersecurity concept image symbolizing third-party data breaches with give padlock symbols and one pictured in red, signifying a security breach.
These five countries recorded the most third-party data breaches last year
Phishing concept image showing an email symbol with fishing hook.
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
Flexible work concept image showing woman working in office environment side by side with woman working from home.
IT professionals aren’t budging on flexible work demands – and more than half say they’ll quit if employers don’t meet expectations
Cybersecurity team members discussing strategy in an open plan office space, with male and female practitioners standing and others sitting at desks.
UK tech firms have a chance to trial a four-day week this year – here's how other pilot schemes fared
Cyber security concept image showing a digitized padlock sitting on a blue colored circuit board.
LevelBlue launches new partner program that’s “built for the future”
23andMe logo and branding pictured on a sign outside the company headquarters in Sunnyvale, California.
Millions of 23andMe users’ genetic data could be up for grabs – and experts worry it’s a looming privacy nightmare
Microsoft Copilot logo and branding pictured on a smartphone screen.
Microsoft launches new security AI agents to help overworked cyber professionals