(Beijing) A hacker, who claims to have stolen the personal data of a billion Chinese, is now offering this information for sale on the Internet.
If confirmed, this data leak would be one of the largest in history.
A sample of 750,000 entries, posted online by the hacker, contains the names, mobile phone numbers, identity numbers, addresses and dates of birth of those affected.
AFP and cybersecurity experts were able to verify the authenticity of some of the data contained in this extract. But the true extent of the data leak remains to be confirmed.
Promoted on an internet forum at the end of June, but spotted only this week by computer security specialists, the database is being sold for 10 bitcoins (more than CA$250,000).
“It seems to come from multiple sources. Some come from facial recognition systems, others seem to be data collected during a census,” Robert Potter, co-founder of the Internet 2.0 cybersecurity company, told AFP.
But “there is no verification as to the total number of entries and I am skeptical of the figure of one billion citizens”, he underlines.
The administration is very extensive in China and the authorities maintain extensive population databases.
Growing public awareness has led lawmakers in recent years to strengthen data protection laws for individuals and businesses.
Citizens, however, have few means to prevent the state from collecting their personal information.
Some of the data leaked by the hacker seems to come from the history of express delivery companies, which are very developed in China.
Other entries contain summaries of incidents (traffic accident, robbery, domestic violence, rape, etc.) reported to the Shanghai police.
Four of the 12 people contacted by AFP confirmed the accuracy of the information in the published database, such as their names and addresses.
“I really don’t understand why my personal data leaked,” said one such person, a woman whose last name is Liu.
Some netizens have speculated that the data may have been hacked from a server of Chinese IT company Alibaba Cloud. Robert Potter, the cybersecurity expert, says he is convinced.
When contacted, Alibaba Cloud and the National Cybersecurity Administration did not respond to a request for comment from AFP.