A hacker leaked the personal data of 1 billion Chinese citizens. Now censors are blocking victims of the breach from learning what happened
A hacker this week released 23 terabytes of data containing the personal details of 1 billion Chinese citizens in what some experts say is the largest data breach in history. Now the Chinese government is scrambling to censor news of the leak, potentially blocking victims of the breach from learning that their personal data is exposed.
News of the data leak started trickling out last Thursday after an anonymous user in a hacker forum attempted to sell the entire database for 10 Bitcoin, equivalent to $202,000. The hacker said that he or she had hacked Shanghai police records and collected the names, addresses, mobile numbers, national ID numbers, ages, and birthplaces of 1 billion people.
The hacker posted a portion of the database, containing 750,000 data entries, in the advertisement on the forum. CNN confirmed the veracity of two dozen of those entries. Nine people whose names were listed in the database told the Wall Street Journal that the corresponding personal information was correct.
Changpeng Zhao, CEO of crypto exchange Binance, rang early alarm bells about the hack on July 4 and said that Binance had stepped up its security measures in response to the leaked data. (Elastic, a software firm that Zhao references in his tweet, told Fortune that the firm was not involved in the data breach.) He later said that the hack had likely occurred because a government developer inadvertently published login credentials to the database on a tech blog.
Experts say that the hack is particularly concerning considering just how much data China collects on its people. China’s government deploys the widest and most sophisticated citizen surveillance system in the world. The government collects granular digital and biological data through facial recognition technology, phone trackers, and iris scanners to build individual profiles for each of the country’s 1.4 billion citizens.
In response to the leak, some Chinese internet users complained that China’s government is collecting too much personal data, and they worried that breaches could expose citizens to phone scams and other attacks.
China’s government was quick to squash online conversation on the topic.
On Weibo, China’s Twitter-like platform, authorities blocked hashtags including the words “data leak,” “Shanghai national security database breach,” and “1 billion citizens’ records leak.” Censors also appeared to scrub news from other major platforms like social network WeChat. One WeChat user with 27,000 followers claimed that authorities took down the user’s post on the topic and summoned the user to be questioned by police. On Baidu, a Chinese search engine, queries for “data breach” revealed few results about the news. China’s major English-language media outlets, meanwhile, have not published stories about the topic despite the breach receiving widespread coverage by foreign media.
Victims of the breach “have to assume [their data is] forever available to anyone and they should be taking precautions to protect themselves,” Chester Wisniewski, principal research scientist at cybersecurity firm Sophos, told the Associated Press.
If the leak indeed contains records on 1 billion people, 70% of China’s population could be exposed. CNN reports that the database has been publicly accessible for the past year on the dark web. And, at least as of a few days ago, the 750,000 records shared in the hacker forum were available for anyone to search through. But because China’s government is censoring news of the hack, millions of Chinese citizens are likely unaware that their data may be vulnerable and that they should be taking steps to safeguard their personal information.
Update, July 8, 2022: This article has been updated with comment from Elastic.