(Beijing) A hacker who claims to have stolen the personal information of a billion Chinese people is now putting that information up for sale on the Internet.
Posted at 8:02 am
Updated at 08:03
If confirmed, this data leak would be one of the largest in history.
A sample of 750,000 entries posted online by the hacker included the victims’ names, mobile phone numbers, ID numbers, addresses and dates of birth.
AFP and cybersecurity experts were able to verify the authenticity of some of the data contained in this excerpt. However, the true extent of the data leak has yet to be confirmed.
The database, which was advertised on an internet forum in late June but was only spotted this week by computer security specialists, is being sold for 10 bitcoins (more than CA$250,000).
“It seems to come from multiple sources. Some are from facial recognition systems, others appear to be data collected during a census,” Robert Potter, co-founder of cybersecurity firm Internet 2.0, told AFP.
But “there is no verification of the total number of arrivals and I am skeptical about the figure of one billion citizens,” he stresses.
Administration in China is very extensive and the authorities maintain extensive population databases.
Growing public awareness has prompted lawmakers in recent years to strengthen privacy laws for individuals and businesses.
However, citizens have few options to prevent the state from collecting their personal information.
Some of the data revealed by the hacker seems to come from the history of express delivery companies, which are very developed in China.
Other entries contain summaries of incidents (traffic accident, robbery, domestic violence, rape, etc.) reported to the Shanghai Police Department.
Four of the 12 people contacted by AFP confirmed the accuracy of the information in the published database, such as their names and addresses.
“I really don’t understand why my personal information was leaked,” said one such person, a woman surnamed Liu.
Some netizens have speculated that the data may have been hacked from a server owned by Chinese IT company Alibaba Cloud. Cybersecurity expert Robert Potter is convinced.
When contacted, Alibaba Cloud and the National Cybersecurity Administration did not respond to a request for comment from AFP.