Hacker Offers to Sell Data of 48.5 Million Users of Shanghai’s COVID App

A hacker claims to have obtained the non-public info of 48.5 million customers of a COVID well being cellular app run by town of Shanghai, the second declare of a breach of the Chinese language monetary hub’s information in simply over a month.

The hacker with the username “XJP” posted a suggestion to promote the info for $4,000 (roughly Rs. 3,20,000) on the hacker discussion board Breach Boards on Wednesday.

The particular person supplied a pattern of the info together with the telephone numbers, names, Chinese language identification numbers, and well being code standing of 47 individuals.

Eleven of the 47 reached by Reuters confirmed they have been listed within the pattern, although two mentioned their identification numbers have been incorrect. Reuters was unable to additional confirm the authenticity of the hacker’s declare.

The true measurement and nature of those sorts of information hacks is typically overstated by the vendor in an try and make a fast revenue.

“This DB (database) accommodates everybody who lives in or visited Shanghai since Suishenma’s adoption,” XJP mentioned within the publish, which initially requested for $4,850 (roughly Rs. 4,00,000) earlier than reducing the value later the identical day.

Suishenma is the Chinese language title for Shanghai’s well being code system, which town of 25 million individuals established in early 2020 to fight the unfold of COVID-19. All residents and guests have to make use of it.

The app collects journey information to provide customers a purple, yellow or inexperienced ranking indicating the probability of getting the virus. The code must be proven to enter public venues.

The info is managed by town authorities and customers can entry Suishenma both by downloading the app or opening it utilizing the Alipay app, owned by fintech big and Alibaba affiliate Ant Group, and Tencent‘s WeChat app.

The Shanghai authorities, Ant and Tencent didn’t instantly reply to requests for remark. XJP declined to remark when reached on Breach Boards.

“I am not able to reply questions but as I’ve much more to drop,” XJP mentioned.

The purported Suishenma breach comes after a hacker final month claimed to have procured 23TB of private info belonging to at least one billion Chinese language residents from the Shanghai police.

That hacker additionally supplied to promote the info on Breach Boards.

The primary hacker was in a position to steal information from the police as a dashboard for managing a police database that had been left open on the general public web with out password safety for greater than a 12 months, the Wall Road Journal reported, citing cyber safety researchers.

The newspaper mentioned information was hosted on Alibaba’s cloud platform and Shanghai authorities had summoned firm executives over the matter.

Neither the Shanghai authorities nor the police nor Alibaba have commented on the police database matter.

Chinese language regulatory our bodies have previously two years introduced a barrage of latest guidelines strengthening oversight over the personal sector’s administration of person information, after years of complaints by residents about how their private information could possibly be simply stolen or offered.

A screenshot of XJP’s provide on Breach Boards went viral on Chinese language social media on Friday, prompting a number of Weibo customers to weigh in on this newest leak and its broader implications, in addition to query what kind of motion could be taken.

“Information leaks in China are actually now not unusual information,” mentioned one.

© Thomson Reuters 2022


Leave a Reply

Your email address will not be published. Required fields are marked *