Big questions remain around massive Shanghai police data breach

Questions continue to swirl around a June 30 incident where an unknown individual put up for sale on a popular underground forum a staggering 23TB of personally identifiable information (PII), belonging to some 1 billion people in China.

And, in the meantime, the database is continuing to cause ripples across the Dark Web.

The dataset was reportedly accessed from an unsecured Shanghai police database hosted on Alibaba’s cloud hosting platform. It included names, addresses, birthplaces, phone numbers, national IDs, and criminal records associated with Chinese citizens and even foreign nationals who might have visited Shanghai during the past few years. The database is still available for sale for 20 bitcoins, or roughly $240,000 currently.

The leak is believed to have happened because a dashboard for managing the database was apparently left open to the Internet, without a password, for more than one year. Though the incident represents one of the largest ever compromises of PII to date, news of it has reportedly been largely blacked out in China.

However, that has not stopped members of the country’s prolific hacking community from flocking to the underground forum where the data is available, according to researchers at Cybersixgill who have been tracking the aftermath of the massive breach. There also has been a notable increase in data leaks of Chinese entities that have been shared on the forum since June 30, they noted.

“We anticipate that we will be seeing the reverberations of this breach on the underground for quite some time,” predicts Naomi Yusupov, Chinese intelligence analyst at Cybersixgill. She expects that threat actors will try and use the leaked data in social engineering campaigns, in attacks to try and access more data, and in a variety of other malicious ways.

Yusupov also expects the breach to encourage other threat actors to share more data from breaches in China, as has already begun happening. Chinese threat actors appear to be viewing the high asking price for the Shanghai data as an indication that Chinese databases overall are highly valuable. This could encourage more Chinese data leaks, she says.

“The massive uptick in Chinese users active on the forum could increase the communication and knowledge transfer between the Chinese and the English underground,” she notes.

More Than Just Another Cloud Misconfig

There have been countless instances where organizations have similarly exposed sensitive data by leaving it in poorly secured, Internet-accessible cloud storage buckets like Amazon’s S3 and ElasticSearch buckets. The most recent incident involved 3TB of sensitive data belonging to airport employees in Columbia and Peru that was exposed via a misconfigured Amazon S3 bucket.

Vendors such as Upguard have reported detecting thousands of such instances in recent years. UpGuard’s most notable discoveries on S3 buckets include some 540 million records from multiple Facebook third-party apps, trade secrets belonging to GoDaddy, and 73GB of data belonging to Pocket Inet employees.

What makes the Shanghai breach notable is its sheer scale. By most accounts, it is one of the largest ever known compromises of PII.

To read the complete article, visit Dark Reading.