Hacker offers to sell 48.5 million China COVID users’ data

hacker offers to sell 48.5 million china covid users' data
hacker offers to sell 48.5 million china covid users’ data

The city of Shanghai’s COVID health code mobile app was hacked for the second time in less than a month, with the hacker claiming to have gotten the personal information of 48.5 million users.

On Wednesday, a hacker who goes by the handle “XJP” on the forum Breach Forums offered to sell the information in exchange for $4,000.

The hacker gave 47 individuals’ phone numbers, names, Chinese ID numbers, and health code statuses as an example of the data.

Eleven of the 47 individuals contacted by shauntv acknowledged their inclusion in the sample, while two claimed their ID numbers were incorrect.

XJP added in the post, “This DB (database) comprises everyone who lives in or visited Shanghai since Suishenma’s adoption.” Initially, XJP sought for $4,850, but he lowered the price later in the day.

Shanghai’s health code system, known as Suishenma in Chinese, was implemented in the year 2020 alongside similar initiatives in many other Chinese cities with populations above 25 million in an effort to curb the spread of the coronavirus H19. Everyone, locals and guests alike, must utilise it.

Users must present the app’s code in order to enter public spaces, and the app tracks their whereabouts to assign them a “red,” “yellow,” or “green” grade based on their vulnerability to contracting the virus.

Users can use Suishenma through the Alipay app, which is controlled by finance giant and Alibaba (9988.HK) affiliate Ant Group, or through the WeChat app, which is owned by Tencent Holdings (0700.HK).

When reached for comment, XJP, the Shanghai government, Ant, and Tencent remained silent.

A hacker claimed early last month that they had stolen 23 terabytes of data belonging to one billion Chinese individuals from the Shanghai police, setting the stage for the alleged Suishenma breach.

The Wall Street Journal reported, citing cyber security researchers, that the police database’s administrative dashboard had been accessible on the internet without a password for over a year, allowing the initial hacker to take the data.

According to the article, Shanghai authorities have questioned Alibaba executives after learning that the company hosts customer data on its cloud platform.

The Shanghai administration, the Shanghai police, and Alibaba have all remained silent on the issue of the police database.

You May Also Like