https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Big questions remain around massive Shanghai police data breach

Big questions remain around massive Shanghai police data breach

  • Written by Jai Vijayan / Dark Reading
  • 1st August 2022

Questions continue to swirl around a June 30 incident where an unknown individual put up for sale on a popular underground forum a staggering 23TB of personally identifiable information (PII), belonging to some 1 billion people in China.

And, in the meantime, the database is continuing to cause ripples across the Dark Web.

The dataset was reportedly accessed from an unsecured Shanghai police database hosted on Alibaba’s cloud hosting platform. It included names, addresses, birthplaces, phone numbers, national IDs, and criminal records associated with Chinese citizens and even foreign nationals who might have visited Shanghai during the past few years. The database is still available for sale for 20 bitcoins, or roughly $240,000 currently.

The leak is believed to have happened because a dashboard for managing the database was apparently left open to the Internet, without a password, for more than one year. Though the incident represents one of the largest ever compromises of PII to date, news of it has reportedly been largely blacked out in China.

However, that has not stopped members of the country’s prolific hacking community from flocking to the underground forum where the data is available, according to researchers at Cybersixgill who have been tracking the aftermath of the massive breach. There also has been a notable increase in data leaks of Chinese entities that have been shared on the forum since June 30, they noted.

“We anticipate that we will be seeing the reverberations of this breach on the underground for quite some time,” predicts Naomi Yusupov, Chinese intelligence analyst at Cybersixgill. She expects that threat actors will try and use the leaked data in social engineering campaigns, in attacks to try and access more data, and in a variety of other malicious ways.

Yusupov also expects the breach to encourage other threat actors to share more data from breaches in China, as has already begun happening. Chinese threat actors appear to be viewing the high asking price for the Shanghai data as an indication that Chinese databases overall are highly valuable. This could encourage more Chinese data leaks, she says.

“The massive uptick in Chinese users active on the forum could increase the communication and knowledge transfer between the Chinese and the English underground,” she notes.

More Than Just Another Cloud Misconfig

There have been countless instances where organizations have similarly exposed sensitive data by leaving it in poorly secured, Internet-accessible cloud storage buckets like Amazon’s S3 and ElasticSearch buckets. The most recent incident involved 3TB of sensitive data belonging to airport employees in Columbia and Peru that was exposed via a misconfigured Amazon S3 bucket.

Vendors such as Upguard have reported detecting thousands of such instances in recent years. UpGuard’s most notable discoveries on S3 buckets include some 540 million records from multiple Facebook third-party apps, trade secrets belonging to GoDaddy, and 73GB of data belonging to Pocket Inet employees.

What makes the Shanghai breach notable is its sheer scale. By most accounts, it is one of the largest ever known compromises of PII.

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Analytics Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Funding Incident Command/Situational Awareness Interoperability News Policy Public Safety Security Software State & Local Government System Design System Operation Tracking, Monitoring & Control Partner content

Most Recent


  • Intelsat, OneWeb team on in-flight connectivity
    UK-government backed OneWeb and US-based Intelsat are joining forces to offer in-flight connectivity services to airlines, combining the former’s low-Earth-orbit (LEO) satellite service with the latter’s geostationary (GEO) satellites to “harness the power of multi-orbit capabilities.” The companies said they expect the multi-orbit solution to be in service by 2024. Inflight connectivity is certainly an […]
  • Black Hat 2022: Adapting to the growing cyberthreat landscape
    The nation’s first cybersecurity chief is warning that the growing threat landscape will get worse as society and businesses become more digitized. At the Black Hat USA 2022 conference, Chris Krebs, the first director of the U.S. Cybersecurity and Infrastructure Security Agency, said he spent the last 18 months gathering information. He spoke to people […]
  • Diffusing the connected car's ticking data-privacy timebomb
    Connected and autonomous vehicles (CAVs) collate a significant amount of data to ensure vehicle safety, requiring an always-on internet connection and hundreds of sensors. An entire industry has been developed around monitoring, logging, analyzing and monetizing it. Yet, the danger is, particularly with increasing cyber-attacks, that this data could end up being leaked and stolen. […]
  • Patch madness: Vendor bug advisories are broken, so broken
    BLACK HAT USA – Las Vegas – Keeping up with security-vulnerability patching is challenging at best, but prioritizing which bugs to focus on has become more difficult than ever before, thanks to context-lacking CVSS scores, muddy vendor advisories, and incomplete fixes that leave admins with a false sense of security. That’s the argument that Brian […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Motorola Solutions logo
    Motorola Solutions seeks contempt finding, global injunction against Hytera for not paying royalty
  • How IT teams can use 'harm reduction' for better cybersecurity outcomes
  • Big questions remain around massive Shanghai police data breach
    Newscan: Cyberattacks against critical infrastructure quietly increase
  • Cybercrime is on the rise, and water treatment plants are particularly vulnerable

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Intelsat, OneWeb team on in-flight connectivity dlvr.it/SWgYb2

15th August 2022
UrgentComm

Black Hat 2022: Adapting to the growing cyberthreat landscape dlvr.it/SWgF3Y

15th August 2022
UrgentComm

Diffusing the connected car’s ticking data-privacy timebomb dlvr.it/SWdCw2

14th August 2022
UrgentComm

Patch madness: Vendor bug advisories are broken, so broken dlvr.it/SWcvFR

14th August 2022
UrgentComm

What the 6 GHz band might mean to fixed-wireless access dlvr.it/SWctfk

14th August 2022
UrgentComm

FirstNet PTT technical progress highlighted by AT&T at APCO 2022 dlvr.it/SWZtNJ

13th August 2022
UrgentComm

Newscan: D.C. appeals court upholds FCC decision to share 5.9 GHz V2V spectrum with Wi-Fi dlvr.it/SWZQpx

13th August 2022
UrgentComm

Cisco confirms data breach, hacked files leaked dlvr.it/SWV8l9

12th August 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X