A hacker has claimed to have obtained the non-public data of 48.5 million customers of a Covid well being code cellular app run by town of Shanghai, the second declare of a breach of the Chinese monetary hub’s information in simply over a month.
The hacker with the username as “XJP” posted a proposal to promote the information for $4,000 on the hacker discussion board Breach Forums on Wednesday.
The hacker supplied a pattern of the information together with the cellphone numbers, names and Chinese identification numbers and well being code standing of 47 folks.
Eleven of the 47 reached by Reuters confirmed that they have been listed within the pattern, although two mentioned their identification numbers have been unsuitable.
“This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” XJP mentioned within the put up, which initially requested for $4,850 earlier than decreasing the worth later within the day.
READ | Cyber assaults on Taiwan: China caught in its personal tangle
Suishenma is the Chinese title for Shanghai’s well being code system, which town of 25 million folks, like many throughout China, established in early 2020 to fight the unfold of Covid. All residents and guests have to make use of it.
The app collects journey information to provide folks a purple, yellow or inexperienced score indicating the chance of getting the virus and customers have to indicate the code to enter public venues.
The information is managed by town authorities and customers entry Suishenma by way of the Alipay app, owned by fintech big and Alibaba (9988.HK) affiliate Ant Group, and Tencent Holdings’ (0700.HK) WeChat app.
XJP, the Shanghai authorities, Ant and Tencent didn’t instantly reply to requests for remark.
The purported Suishenma breach comes after a hacker early final month mentioned that they had procured 23 terabytes of non-public data belonging to 1 billion Chinese residents from the Shanghai police. That hacker additionally provided to promote the information on Breach Forums.
The Wall Street Journal, citing cyber safety researchers, mentioned the primary hacker had been in a position to steal the information from the police as a dashboard for managing a police database had been left open on the general public web with out password safety for greater than a yr.
The newspaper mentioned information was hosted on Alibaba’s cloud platform and Shanghai authorities had summoned firm executives over the matter.
Neither the Shanghai authorities, nor police nor Alibaba have commented on the police database matter.
— ENDS —