Shanghai police database for sale in what could be China’s biggest ever data breach

EXCLUSIVE | A database purportedly containing information about one billion Chinese residents has been listed for sale on Breach Forums for 10 Bitcoin, or approximately US$200,000.

Attracting 177 replies and 300,000 views within hours, the listing was posted a short time ago by an anonymous user named ChinaDan.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many terabytes of data and information on Billions of Chinese citizens,” said the post.

“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID Number, mobile number, all crime/case details.”

The seller has provided what he claims is a sample data set, with 750,000 files from the database. The sample data has been uploaded to the forum’s servers.

Screen Shot 2022 07 03 at 10.17.20 pm Shanghai police
A screen shot from the Breach Forums post.

There is much debate about the legitimacy of the listing on the Forum, however many users have backed up its validity.

“I believe you have real data, but I don’t believe you will sell real. After all, 10 BTC is too cheap. Is government information cheaper than Huazhu?

“What’s more, the BTC addresses are now marked, and the funds you can actually wash should be less than $200,000, maybe only 60%. A fraudulent call can earn millions, not to mention that you risk being hunted and killed. People outside the country cannot guarantee your safety, because China now affects the whole world,” one Forum user wrote.

“From what this sample contains, and from what I verified, the information is valid and true unfortunately,” wrote another.

Another says, “Personally I am convinced that the data is 98% real. They may not be completely up to date but the system glitches sometimes and it makes sense. Whoever put this on a public sale in a website like this at this low price is either insane or just want to humiliate the Government”

The thread was closed by Forum administrators at around 7.30 am EDT on Sunday. There was one offer of 6 Bitcoins (US$116,000) for the data.

If the database is real, it would be the biggest known data breach in China’s history.

Breach Forums was launched in March this year, and has been touted as a replacement for Raid Forums, a hacking community that was shut down by U.S. authorities. Soon after, its administrator was also arrested.