Threat actors were able to breach a Shanghai police database and steal the credentials of 1 billion people across China. According to a major tech CEO in the country, human error was the cause of the breach.
Zhao Changpeng, CEO of cryptocurrency exchange giant Binance confirmed the human error. Specifically, a developer working with the government on the China Software Developer Network (CSDN) wrote a blog post where they accidentally included credentials to a system where user data is stored.
“Apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials,” Changpeng wrote in his tweet. He also showed an image showing the offending code that allowed attackers to enter.
Changpeng previously said the Binance threat intelligence team found 1 billion records of Chinese residents on sale. These were available on the dark web and likely came from the group that made the initial breach.
Outlets in China report that an anonymous hacker known as “ChinaDan” is responsible for the attack and is selling off 23 terabytes of data. This information includes addresses, names, national IDs, birthplaces, phone numbers, and details on any criminal cases against the individuals.
The group behind the attack is asking for 10 bitcoin or around $200,000 for the data. Sources in China say that the data is legitimate, and the breach did happen. Some experts are calling it not only China’s largest cybersecurity crisis but the largest data breach of all time anywhere in the world.
Tip of the day: Windows Update downloads can often be frustrating because they are several gigabytes in size and can slow down your internet connection. That means your device may work with reduced performance while the update is downloading. In our guide, we show you how to limit bandwidth for Windows Update downloads, so they won’t bother you again.