A hacker claims to have obtained the non-public info of 48.5 million customers of a COVID well being cell app run by town of Shanghai, the second declare of a breach of the Chinese monetary hub’s knowledge in simply over a month.

The hacker with the username “XJP” posted a suggestion to promote the information for $4,000 (roughly Rs. 3,20,000) on the hacker discussion board Breach Forums on Wednesday.

The particular person offered a pattern of the information together with the telephone numbers, names, Chinese identification numbers, and well being code standing of 47 individuals.

Eleven of the 47 reached by Reuters confirmed they have been listed within the pattern, although two stated their identification numbers have been flawed. Reuters was unable to additional confirm the authenticity of the hacker’s declare.

The true dimension and nature of those sorts of information hacks is usually overstated by the vendor in an try and make a fast revenue.

“This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” XJP stated within the publish, which initially requested for $4,850 (roughly Rs. 4,00,000) earlier than reducing the value later the identical day.

Suishenma is the Chinese identify for Shanghai’s well being code system, which town of 25 million individuals established in early 2020 to fight the unfold of COVID-19. All residents and guests have to make use of it.

The app collects journey knowledge to provide customers a crimson, yellow or inexperienced ranking indicating the probability of getting the virus. The code needs to be proven to enter public venues.

The knowledge is managed by town authorities and customers can entry Suishenma both by downloading the app or opening it utilizing the Alipay app, owned by fintech big and Alibaba affiliate Ant Group, and Tencent’s WeChat app.

The Shanghai authorities, Ant and Tencent didn’t instantly reply to requests for remark. XJP declined to remark when reached on Breach Forums.

“I’m not ready to answer questions yet as I have a lot more to drop,” XJP stated.

The purported Suishenma breach comes after a hacker final month claimed to have procured 23TB of non-public info belonging to at least one billion Chinese residents from the Shanghai police.

That hacker additionally supplied to promote the information on Breach Forums.

The first hacker was in a position to steal knowledge from the police as a dashboard for managing a police database that had been left open on the general public web with out password safety for greater than a 12 months, the Wall Street Journal reported, citing cyber safety researchers.

The newspaper stated knowledge was hosted on Alibaba’s cloud platform and Shanghai authorities had summoned firm executives over the matter.

Neither the Shanghai authorities nor the police nor Alibaba have commented on the police database matter.

Chinese regulatory our bodies have prior to now two years introduced a barrage of recent guidelines strengthening oversight over the personal sector’s administration of person knowledge, after years of complaints by residents about how their private knowledge might be simply stolen or offered.

A screenshot of XJP’s supply on Breach Forums went viral on Chinese social media on Friday, prompting a number of Weibo customers to weigh in on this newest leak and its broader implications, in addition to query what kind of motion can be taken.

“Data leaks in China are really no longer uncommon news,” stated one.

© Thomson Reuters 2022