Fallout from Shanghai National Police Data Breach Continues
Information from a Shanghai National Police data breach is becoming increasingly available on the Dark Web, according to analysis from threat intelligence firm Cybersixgill.
“The surge in activity is just one piece of the fallout after a BreachForums user named ChinaDan posted on 30 June what they said was nearly 23 terabytes of data gathered by the Shanghai National Police,” Cyberscoop reported.
The Shanghai data was listed for sale for 10 bitcoin ($200,000), according to Cybersixgill, while anyone could download a sample of the data that included 750,000 entries. The data leaked from the police included the names, addresses, phone numbers, national identification numbers, birthplaces, and criminal records of more than 70 percent of the country’s population—roughly 1 billion Chinese residents.
An analysis of the firm’s research, Out of Breach: Shanghai Police Breach Leads to Increased Chinese Underground Activity, found a “notable rise in data leaks of Chinese entities” recently shared on a popular underground forum, BreachForums.
“From March through June, there were an average of 14 monthly leaks from Chinese entities. However, in the first 15 days of July there were 25 leaks, setting a pace for 52, far exceeding the pre-breach average,” Naomi Yusupov, author of Out of Breach, wrote.
Yusupov explained that the spike in activity might be linked to the Shanghai breach for three reasons. The size of the Shanghai breach, plus the seller’s asking price for the stolen data, may produce copycats—other actors targeting Chinese databases to “gain both a reputation boost and money.”
“It is likely the Shanghai Police breach led to additional breaches,” the analysis said. Other actors could also use the information from the Shanghai breach to access other databases, whether by hacking or social engineering.
Another reason for increased data breaches may be that newer Chinese members of the forum might consider it a site to share other domestic leaks.
In fact, the other notable finding from the analysis was a “massive” increase in active Chinese users on BreachForums.
“The new Chinese members seem to be interested in a wide variety of what the forum has to offer, including data leaks, streaming accounts, adult content, hacking courses, and cracking tools,” Yusupov wrote.
Many new users were also interested in data from the Shanghai breach, which initially attracted them to the forum. China blocked the forum after the breach, indicating that authorities consider the breach severe.
We just published our report on Shanghai police data breach: here are our findings: 1. There is one backdoor link with full access to the Shanghai police database, and the backdoor was detected by a search engine in April 2021 & the backdoor was published. https://t.co/OGKeBRL9HF
— Yong Xiong (@yongxiong2008) July 5, 2022
“Now that the data is out, it can be used in cyberattacks, social engineering campaigns, and other malicious activities. We anticipate that we will be seeing the reverberations of this breach on the underground for quite some time,” Yusupov wrote.
The Shanghai breach triggered an investigation, with authorities scrutinizing Alibaba’s cloud platform and accusing company executives of hosting the police database on outdated systems. According to other reports, however, the data had been publicly accessible via an unsecured backdoor link since as early as April 2021, allowing access to the database without a password.