Hackers reportedly stole data from the Shanghai National Police Database, apparently because of a bug in an Elasticsearch deployment by a government agency.
On Monday, July 4, Binance CEO Changpeng Zhao raised an alarm about what appears to be the biggest Chinese data theft in history. As per reports, data of nearly 1 billion Chinese residents has been put up for sale on the Dark Web.
Binance CEO Speaking about Data Leak
The hackers managed to steal 23 TB of data, including names, addresses, birthplaces, national IDs, phone numbers, and criminal case information of Chinese residents. Reportedly, the hackers stole this data from a Shanghai police database. Later, the hacker offered this information on a Dark Web forum for just 10 BTC. In his tweets on Monday, Binance CEO Changpeng Zhao said that the hack happened “Likely due to a bug in an Elastic Search deployment by a gov agency”.
“This has impact on hacker detection/prevention measures, mobile numbers used for account take overs, etc. It is important for all platforms to enhance their security measures in this area. Binance has already stepped up verifications for users potentially affected. Stay SAFU”, he added.
Elasticsearch quickly scans through large data sets and returns answers in milliseconds. For governments and corporations, data ranging from company spreadsheets and social media posts to emails could all end up in Elasticsearch.
According to the forum where the hackers posted the data, the attack targeted an Elasticsearch instance on a cloud platform, a subsidiary of Alibaba, used by the Shanghai police. The Shanghai police and Chinese cybercrime authorities have yet to comment on this matter. The hacker, ChinaDan, has however confirmed three different databases containing a total of 750,000 files from the database.
CyberSecurity Experts Express Concerns
The incident has shaken data security experts worldwide. Cybersecurity experts have expressed concerns over the size of the hack and the sensitivity of the information exposed.
As reported by the Wall Street Journal, some reporters downloaded the list to check and verify the authenticity of the information. The report states that “five people confirmed all of the data, including case details that would be difficult to obtain from any source other than the police. Four more people confirmed basic information such as their names before hanging up”.