Hacker Offers to Sell Data of 48.5 Million Users of Shanghai’s COVID App

A hacker claims to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub’s data in just over a month.

The hacker with the username “XJP” posted an offer to sell the data for $4,000 (roughly Rs. 3,20,000) on the hacker forum Breach Forums on Wednesday.

The person provided a sample of the data including the phone numbers, names, Chinese identification numbers, and health code status of 47 people.

Eleven of the 47 reached by Reuters confirmed they were listed in the sample, though two said their identification numbers were wrong. Reuters was unable to further verify the authenticity of the hacker’s claim.

The true size and nature of these types of data hacks is often overstated by the seller in an attempt to make a quick profit.

“This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” XJP said in the post, which originally asked for $4,850 (roughly Rs. 4,00,000) before lowering the price later the same day.

Suishenma is the Chinese name for Shanghai’s health code system, which the city of 25 million people established in early 2020 to combat the spread of COVID-19. All residents and visitors have to use it.

The app collects travel data to give users a red, yellow or green rating indicating the likelihood of having the virus. The code has to be shown to enter public venues.

The data is managed by the city authorities, and users can access Suishenma either by downloading the app or by opening it using the Alipay app, owned by fintech giant and Alibaba affiliate Ant Group, and Tencent’s WeChat app.

The Shanghai authorities, Ant and Tencent did not immediately respond to requests for comment. XJP declined to comment when reached on Breach Forums.

“I’m not ready to answer questions yet as I have a lot more to drop,” XJP said.

The purported Suishenma breach comes after a hacker last month claimed to have procured 23TB of personal information belonging to 1 billion Chinese residents from the Shanghai police.

That hacker also offered to sell the data on Breach Forums.

The first hacker was able to steal data from the police because a dashboard for managing a police database had been left open on the public internet without password protection for more than a year, the Wall Street Journal reported, citing cybersecurity researchers.

The newspaper said the data was hosted on Alibaba’s cloud platform and Shanghai authorities had summoned company executives over the matter.

Neither the Shanghai authorities nor the police nor Alibaba have commented on the police database matter.

Chinese regulatory bodies have in the past two years introduced a barrage of new rules strengthening oversight over the private sector’s management of user data, after years of complaints by residents about how their personal data could be easily stolen or sold.

A screenshot of XJP’s offer on Breach Forums went viral on Chinese social media on Friday, prompting a number of Weibo users to weigh in on this latest leak and its broader implications, as well as question what kind of action would be taken.

“Data leaks in China are really no longer uncommon news,” said one.

© Thomson Reuters 2022

