Stock Market News

Hacker offers to sell data of 48.5 million users of Shanghai’s COVID app

2022.08.12 14:01

Hacker offers to sell data of 48.5 million users of Shanghai's COVID app
FILE PHOTO: A man wearing protective gear checks his mobile phone at a subway station, after the lockdown placed to curb the coronavirus disease (COVID-19) outbreak was lifted in Shanghai, China June 2, 2022. REUTERS/Aly Song

By Eduardo Baptista

BEIJING (Reuters) -A hacker claims to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub’s data in just over a month.

The hacker with the username as “XJP” posted an offer to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday.

The person provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people.

Eleven of the 47 reached by Reuters confirmed that they were listed in the sample, though two said their identification numbers were wrong. Reuters was unable to further verify the authenticity of the hacker’s claim.

The true size and nature of these kinds of data hacks is sometimes overstated by the seller in an attempt to make a quick profit.

“This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” XJP said in the post, which originally asked for $4,850 before lowering the price later the same day.

Suishenma is the Chinese name for Shanghai’s health code system, which the city of 25 million people established in early 2020 to combat the spread of COVID-19. All residents and visitors have to use it.

The app collects travel data to give users a red, yellow or green rating indicating the likelihood of having the virus. The code has to be shown to enter public venues.

The data is managed by the city government and users can access Suishenma either by downloading the app or opening it using the Alipay app, owned by fintech giant and Alibaba (NYSE:BABA) affiliate Ant Group, and Tencent Holdings (OTC:TCEHY)’ WeChat app.

XJP, the Shanghai government, Ant and Tencent did not immediately respond to requests for comment.

The purported Suishenma breach comes after a hacker last month claimed to have procured 23 terabytes of personal information belonging to one billion Chinese citizens from the Shanghai police.

That hacker also offered to sell the data on Breach Forums.

The first hacker was able to steal data from the police as a dashboard for managing a police database had been left open on the public internet without password protection for more than a year, the Wall Street Journal reported, citing cyber security researchers.

The newspaper said data was hosted on Alibaba’s cloud platform and Shanghai authorities had summoned company executives over the matter.

Neither the Shanghai government, nor police nor Alibaba have commented on the police database matter.

Chinese regulatory bodies have in the past two years announced a barrage of new rules strengthening oversight over the private sector’s management of user data, after years of complaints by residents of how their personal data could be easily stolen or sold.

A screenshot of XJP’s offer on Breach Forums went viral on Chinese social media on Friday, prompting several Weibo (NASDAQ:WB) users to weigh in on this latest leak and its broader implications, as well as question what sort of action would be taken.

“Data leaks in China are really no longer uncommon news,” said one.

Source

Related Articles

Leave a Reply

Back to top button
bitcoin
Bitcoin (BTC) $ 98,797.47 1.02%
ethereum
Ethereum (ETH) $ 3,487.99 5.63%
tether
Tether (USDT) $ 1.00 0.04%
solana
Solana (SOL) $ 261.71 2.46%
bnb
BNB (BNB) $ 675.50 8.94%
xrp
XRP (XRP) $ 1.55 9.36%
dogecoin
Dogecoin (DOGE) $ 0.464012 16.65%
cardano
Cardano (ADA) $ 1.10 23.05%
usd-coin
USDC (USDC) $ 1.00 0.01%
staked-ether
Lido Staked Ether (STETH) $ 3,487.73 5.66%
tron
TRON (TRX) $ 0.222939 12.22%
avalanche-2
Avalanche (AVAX) $ 42.76 11.29%
shiba-inu
Shiba Inu (SHIB) $ 0.000028 11.72%
the-open-network
Toncoin (TON) $ 6.15 12.75%
wrapped-steth
Wrapped stETH (WSTETH) $ 4,111.78 5.16%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 98,649.43 1.11%
stellar
Stellar (XLM) $ 0.453727 55.52%
polkadot
Polkadot (DOT) $ 8.19 33.81%
chainlink
Chainlink (LINK) $ 17.60 16.78%
bitcoin-cash
Bitcoin Cash (BCH) $ 539.59 13.10%
sui
Sui (SUI) $ 3.65 3.66%
weth
WETH (WETH) $ 3,497.23 5.92%
pepe
Pepe (PEPE) $ 0.000022 8.91%
leo-token
LEO Token (LEO) $ 8.63 1.40%
near
NEAR Protocol (NEAR) $ 6.41 14.69%
litecoin
Litecoin (LTC) $ 102.90 15.76%
aptos
Aptos (APT) $ 12.98 9.66%
uniswap
Uniswap (UNI) $ 10.83 15.05%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,675.99 5.76%
hedera-hashgraph
Hedera (HBAR) $ 0.150328 15.50%
internet-computer
Internet Computer (ICP) $ 11.47 17.11%
crypto-com-chain
Cronos (CRO) $ 0.201336 8.47%
usds
USDS (USDS) $ 1.00 0.21%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.582762 28.75%
ethereum-classic
Ethereum Classic (ETC) $ 30.87 12.44%
render-token
Render (RENDER) $ 8.02 12.04%
kaspa
Kaspa (KAS) $ 0.161249 9.79%
bittensor
Bittensor (TAO) $ 542.97 11.13%
bonk
Bonk (BONK) $ 0.000051 2.64%
ethena-usde
Ethena USDe (USDE) $ 1.00 0.09%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.44 16.69%
arbitrum
Arbitrum (ARB) $ 0.874702 9.96%
whitebit
WhiteBIT Coin (WBT) $ 24.68 0.04%
vechain
VeChain (VET) $ 0.043896 35.97%
dogwifcoin
dogwifhat (WIF) $ 3.54 12.39%
dai
Dai (DAI) $ 1.00 0.12%
mantra-dao
MANTRA (OM) $ 3.78 3.46%
cosmos
Cosmos Hub (ATOM) $ 8.26 17.01%
blockstack
Stacks (STX) $ 2.12 12.27%
filecoin
Filecoin (FIL) $ 5.30 14.85%