The aftermath of China's largest data leak

  • After the data leak of one billion Chinese citizens in July, experts are noticing a surge in other kinds of personal records from China appearing on cybercriminal marketplaces.  
  • An estimated 290 million records about people in China surfaced on another underground bazaar known as Breach Forums in July as well.
  • In August, one seller hawked personal information belonging to nearly 50 million users of Shanghai’s mandatory health code system.

In July this year, we wrote about what was possibly the biggest data leak in the modern history of China: data on one billion Chinese citizens was found for sale on the dark web. The breach was followed closely by another leak, of close to 50 million unique users’ data taken from Shanghai’s health code app, Suishenma. For a country like China, which usually keeps cyber breaches under wraps, the exposure was a rare one indeed, and a few months on, the dust is far from settled.

Since those two initial incidents, experts have been noticing a surge in other kinds of personal records from China appearing on cybercriminal marketplaces. For starters, in July, shortly after the one-billion-record leak, an estimated 290 million further records about people in China surfaced on an underground bazaar known as Breach Forums, according to Singapore-based cybersecurity firm Group-IB.

That was followed by the sale of nearly 50 million users’ personal information from Shanghai’s mandatory health code system. The alleged hoard, offered for US$4,000, included names, phone numbers, ID numbers and Covid status. Bloomberg, in conversation with Group-IB researcher Feixiang He, noted that the forum had never seen such an influx of Chinese users and interest in Chinese data. “The number of attacks on Chinese users may grow in the near future,” Feixiang He predicts.

Breach Forums, like other markets where illicit goods are sold, has been home to false advertisements meant to generate attention as well as to legitimate data apparently stolen in security incidents, including an instance where users marketed user information taken from Twitter Inc. One thing is certain: the interest in leaked Chinese data has turned a spotlight on the vast amount of information that government officials collect through Beijing’s sprawling surveillance apparatus.

In the first July incident, the unknown hackers who claimed to have stolen data on about one billion Chinese residents from an unsecured Shanghai police database exposed significant weaknesses in how government agencies store citizens’ information. For context, before that episode there were three China-related databases marketed on Breach Forums, according to Group-IB’s Feixiang He. In July, that number jumped to 17, the firm found. Bloomberg noted that researchers were unable to confirm the legitimacy of all the information in the databases posted that month.

Even Chinese-speaking users on Breach Forums expressed their surprise at the fact that data about the country’s citizens was available for sale, according to a Bloomberg News review. The posts were in fact so frequent that a forum administrator asked website visitors to keep posts in the English language. “Please do not send Chinese characters,” they wrote.

Separately, in the 10-day period following the apparent Shanghai leak, researchers from San Francisco-based Reposify Ltd. discovered more than 12,700 exposed assets — including web servers and remote access sites — when scanning for software vulnerabilities in Chinese government websites. This also included 1,436 exposed databases, which “could account for millions of potentially accessible data points representing Chinese citizens,” the company said. 

The irony remains that the rise in databases for sale comes in spite of Beijing’s increasingly strict cybersecurity and data privacy standards — aspects which President Xi Jinping has tied closely to national security. Despite all that, Shanghai authorities and China’s internet regulators have yet to publicly address the recent leaks, especially those involving the police and health system data. 

Further complicating matters, discussions of the incidents have been scrubbed from local social media by censors. Bloomberg noted that Shanghai’s government and the Cyberspace Administration of China, the main internet regulator, did not respond to multiple faxes requesting comment.

But the worst may not be over, as hackers are apparently readying themselves for more data dumps. One new user in particular on the underground database forum, who claimed to be selling the Shanghai health system data after joining the site in July, alleged that there was more leaked information to share. “In my humble opinion, no amount of cyber security [or] data protection could stop data leaks from ever happening,” the unnamed user wrote.