Record Chinese Cyber Breach Spurs Eruption in Data for Sale

(Bloomberg) -- Since the data of roughly 1 billion Chinese citizens appeared for sale on a popular dark web forum in June, researchers have observed a surge in other kinds of personal records from China appearing on cybercriminal marketplaces.

In the aftermath of that record leak, an estimated 290 million records about people in China surfaced on an underground bazaar known as Breach Forums in July, according to Group-IB, a cybersecurity firm based in Singapore. In August, one seller hawked personal information belonging to nearly 50 million users of Shanghai’s mandatory health code system, used to enforce quarantine and testing orders. The alleged hoard included names, phone numbers, IDs and their Covid status -- for the price of $4,000.

“The forum has never seen such an influx of Chinese users and interest in Chinese data,” said Feixiang He, a researcher at Group-IB. “The number of attacks on Chinese users may grow in the near future.”

Bloomberg was unable to confirm the authenticity of the datasets for sale on Breach Forums. The website, like other markets where illicit goods are sold, has been home to false advertisements meant to generate attention, as well as legitimate data apparently stolen in security incidents, including an instance where users marketed user information taken from Twitter Inc.

The interest in leaked Chinese data has trained a spotlight on the vast amount of information that government officials collect through Beijing’s sprawling surveillance apparatus. In the summer incident, the unknown hackers claimed to have stolen data of about 1 billion Chinese residents after their discovery of an unsecured Shanghai police database, laying bare significant vulnerabilities in how government agencies store citizens’ information.

Before that episode, there were three China-related databases marketed on Breach Forums, according to Group-IB’s Feixiang He. In July, that number jumped to 17, the firm found. Researchers were unable to confirm the legitimacy of all the information in databases posted that month.

Chinese-speaking users on Breach Forums expressed surprise that data about the country’s citizens was available for sale, according to a Bloomberg News review. The posts were so frequent that a forum administrator asked website visitors to keep posts in the English language. “Please do not send Chinese characters,” they wrote.