Miscellaneous News

coolgod said:

People found that blog today (check the archive record), probably someone google searched the hostname provided in the breached selling forum and happened to find this credential floating on the web. It is entirely possible the hackers used another method or credentials to access the data. Regardless even with the credentials someone had to have internal network access to dump the entire database.

The data allegedly contains the ID number/name and basic info on every person in China (1.4 billion) which is entirely possible for Shanghai police dept to have. The ID/name/addresses were also confirmed by cross-referencing other leaked chinese databases.
The data allegedly also contains the police records of all the cases in Shanghai from 1949-2021? The sample leaks shows some and this is really embarrassing stuff.

There are no photos in the leak, but the json files gave the internal links to the photos. The hackers know transferring all the photos is way too much, just the text data is 23 TB.

Like many others on the internet, I think it is real but the seller has a political motive. 10 BTC for a 23TB leak of that sensitive info is way too less, China will hunt this guy for life. It was also released on Jun 30th (right before July 1st CPC birthday), even though the data was dumped in 2021 (nothing from 2022 showed up in the sample data). Historically nasty things have a habit of showing up before CPC party congresses.

Click to expand...

coolgod said:

People found that blog today (check the archive record), probably someone google searched the hostname provided in the breached selling forum and happened to find this credential floating on the web. It is entirely possible the hackers used another method or credentials to access the data. Regardless even with the credentials someone had to have internal network access to dump the entire database.

The data allegedly contains the ID number/name and basic info on every person in China (1.4 billion) which is entirely possible for Shanghai police dept to have. The ID/name/addresses were also confirmed by cross-referencing other leaked chinese databases.
The data allegedly also contains the police records of all the cases in Shanghai from 1949-2021? The sample leaks shows some and this is really embarrassing stuff.

There are no photos in the leak, but the json files gave the internal links to the photos. The hackers know transferring all the photos is way too much, just the text data is 23 TB.

Like many others on the internet, I think it is real but the seller has a political motive. 10 BTC for a 23TB leak of that sensitive info is way too less, China will hunt this guy for life. It was also released on Jun 30th (right before July 1st CPC birthday), even though the data was dumped in 2021 (nothing from 2022 showed up in the sample data). Historically nasty things have a habit of showing up before CPC party congresses.

Click to expand...

MortyandRick said:

Can you link the forum where this person is selling it? Wonder if the Chinese MSS would have the ability to track this guy down or if they are even aware?

how damaging to the country is this leak?

Click to expand...

coolgod said:

https://www.reddit.com/r/real_China_irl/comments/vqjlmr
I followed the twitter thread and found this disgusting sub where everyone is cheering on the leak. Anyways it suggests the credentials were leaked in a blog post 2 years ago.

Please, Log in or Register to view URLs content!

I downloaded the sample leak files, if true (I think likely) this is very damaging.
Original breached thread

Please, Log in or Register to view URLs content!

Click to expand...

solarz said:

23 TB for a billion people allows for 20 kb per person. For individual case files that ranges from 1949 to 2021.

What's more, somehow this supposedly massive data is stored in clear text json format. Guess they never needed to do any queries on it?

Click to expand...

----TABLES----
person_address_label_info_slave QFpD25bKTJ2eQBxcbe2Aaw 90 0 546148916 0 172.2gb 172.2gb
nb_theme_address_merge_tracks_slave -bUMVB1uRRusUbbqZepEpA 300 0 37483779369 4 22.4tb 22.4tb
nb_theme_address_case_dwd_test 7COIWTt7QU-YPwWub8z_SQ 150 0 22375506 1749307 25.2gb 25.2gb
nb_theme_address_company_dwd-total fpnmEYB9SI6WevHnZIEwIA 150 0 1842856 0 2.8gb 2.8gb
nb_theme_address_case_dwd-total 7X8oNqULQnWFLpzHDaUTbg 150 0 1214119253 0 1tb 1tb
nb_theme_address_company_dwd_test g5f6l4LGQcGL3oQ6ON2Bbw 150 0 2017931 0 4.3gb 4.3gb
person_address_label_info_master t64pp9WnS3maY9jBjzTtiw 90 0 969830088 0 282.8gb 282.8gb

Data Details:

Databases contain information on 1 Billion Chinese national residents and several billion case records, including:
- Name
- Address
- Birthplace
- National ID Number
- Mobile number
- All Crime / Case details

Click to expand...

MortyandRick said:

Can you link the forum where this person is selling it? Wonder if the Chinese MSS would have the ability to track this guy down or if they are even aware?

how damaging to the country is this leak?

Click to expand...

"The GDPNow model estimate for real GDP growth, seasonally adjusted annual rate, in the second quarter of 2022 is -2.1% on July 1, down from -1.0% on June 30," Atlanta Fed said in a statement.

Click to expand...

coolgod said:

I have already linked the seller thread in my initial post response, the thread also contains a sample of 750k datapoints which you can download to check for yourself



From the "seller"

All crime/case details is for shanghai only, so not 1.4 billion, there should also be the basic ID info on all 1.4 Billion Chinese. There are also a lot of misc stuff from people all across China which I still haven't figured out in the sample.


All the Shanghai case details is very damaging. The US already public tracks CPC officials. e.g.,

Please, Log in or Register to view URLs content!

Cross-reference any party members in Shanghai or anyone in powers of authority, the blackmail potential is enormous.

Click to expand...

coolgod said:

I have already linked the seller thread in my initial post response, the thread also contains a sample of 750k datapoints which you can download to check for yourself



From the "seller"

All crime/case details is for shanghai only, so not 1.4 billion, there should also be the basic ID info on all 1.4 Billion Chinese. There are also a lot of misc stuff from people all across China which I still haven't figured out in the sample.


All the Shanghai case details is very damaging. The US already public tracks CPC officials. e.g.,

Please, Log in or Register to view URLs content!

Cross-reference any party members in Shanghai or anyone in powers of authority, the blackmail potential is enormous.

Click to expand...

coolgod said:

Original breached thread

Please, Log in or Register to view URLs content!

Click to expand...

MortyandRick said:

Does anyone else have experience with this forum? It seems all the database leaks are from China? Is this some sort of attack on Chinese databases?

Click to expand...

Coalescence said:

I did a quick look around in the forum, and it seems to be not limited to Chinese database only, there's a lot from US and some from Europe like Germany and Sweden. Reading through the replies in that thread, I'm really amused by some of them think the OP committed a heroic act or humiliated the government.

I think the end result would just be some local government officials getting blamed and sacked from this incident, and a greater push by the central government to further control and regulate data collection on big data companies, while Xi's faction can blame this on the corruption of the opposing faction, increasing his influence in the party.

Click to expand...