Pak Sahafat – A hacker claims to have obtained the personal information of 48.5 million users of Shanghai’s Covid app and offered to sell the data.
According to Pak Sahafat News Agency’s report from Reuters news agency, This is the second alleged data breach of China’s financial center in a month.
This hacker, who introduced himself as “XJP”, offered to sell this data for $4,000 on the hacker website Breach Forums.
For example, this person has published information such as phone numbers, names and Chinese identification numbers and health code status of 47 people.
Of the 47, 11 told Reuters their information was included in the sample, but two miscounted their information.
Read more:
The hacker initially asked for $4,850, but later lowered the price, saying the database included information on everyone who has lived in or visited Shanghai since the Shanghai health code system, known as Suishnema, was launched.
Suishnema is the Chinese name for Shanghai’s health code system, which the city of 25 million people launched in early 2020 to combat the spread of Covid-19. All city residents and visitors are required to use this system.
The app collects passenger information to notify users of a red, yellow or green status that indicates a possible virus outbreak. Users must show this code to enter public areas.
The alleged breach of the system comes as another hacker claimed to have obtained 23 terabytes of personal data belonging to one billion Chinese citizens from the Shanghai police last month. That hacker also offered to sell the information on the Breach Forums hacker website.
Citing cyber security experts, the Wall Street Journal reported that the first hacker was able to steal information from the police because the police’s database management system had been left open to the public for more than a year without asking for a password.
After years of complaints from users about how their personal information is stolen or sold, China’s regulatory bodies have introduced a series of new rules in the past two years to strengthen oversight of the private sector management of users’ data.