A hacker who claims to have taken personal information from tens of millions of Chinese citizens is now selling the information online.
A sample of 750,000 entries posted online by the hacker included names, mobile phone numbers, national ID numbers, addresses, and police reports.
Some of the citizen data in the sample have been verified by AFP and cybersecurity specialists as authentic, but the scope of the whole database is difficult to determine.
The 23TB database, advertised on a forum late last month but only discovered this week by cybersecurity experts, is being sold for ten bitcoins (approximately Rs. 16,00,000.)
It appears to come from several sources. Some are facial recognition systems, others are census data, according to Robert Potter, co-founder of cybersecurity firm Internet 2.0.
The total number of records isn't verified, and he's sceptical of the one billion citizens figure.
China maintains a large national surveillance apparatus that siphons enormous amounts of data from its citizens, presumably for security reasons.
In recent years, a growing public awareness of data privacy has resulted in stronger data protection laws targeted at individuals and private enterprises, although there is little that citizens can do to prevent the state from collecting their data.
Some of the leaked data appeared to come from express delivery user records, while others included summary of incidents reported to police in Shanghai over a period of more than a decade, the most recent from 2019.
The incidents ranged from traffic accidents and minor theft to rape and domestic violence.
The heads will fall.
According to the database, at least four persons out of over a dozen people contacted by AFP confirmed their personal information, such as names and addresses.
So many people have added my WeChat in the past few days. Should I report this to the cops? said one woman surnamed Hao.
Another lady surnamed Liu claims to be really confused about why my personal information has been leaked.
Users remarked on an Alibaba Cloud server where the data was believed to be being stored by the Shanghai police.
Potter, a cybersecurity expert, claims that the files were hacked from Alibaba Cloud, which did not respond to an AFP request for comment.
If confirmed, the breach would be one of the largest in history and a major violation of recently adopted Chinese data protection regulations.
Kendra Schaefer, a tech partner at Trivium China's research firm, has tweeted that the heads will frown on this one.
The China's cybersecurity company did not respond to a fax seeking information.