Binance CEO Changpeng “CZ” Zhao raised the alarm about a China data leak affecting one billion residents. The stolen data had been up for sale on the dark web.
According to cybersecurity experts, the leak could be one of the largest ever recorded in history, highlighting the risks of collecting and storing large amounts of sensitive personal data online.
CZ Zhao warns Twitter users of massive China data leak
A police station database in Shanghai, China, comprising 23 gigabytes of data covering names, residences, birthplaces, national IDs, phone numbers, and criminal case information, was reportedly hacked. The attacker sold the information on a dark web forum for 10 Bitcoin.
Without naming the country, CZ announced on Twitter that Binance threat intelligence has found resident records for sale on the dark web. He claimed that an “Elasticsearch” algorithm bug in the software of a government entity was to blame for the data breach.
Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …
— CZ 🔶 BNB (@cz_binance) July 3, 2022
CZ clarified that the hacked data may be used to hijack accounts, which had implications for Binance users. Since then, the cryptocurrency exchange has strengthened its user verification procedures. Binance employs both internal and external threat detection, according to CZ.
Cybersecurity professionals concerned about size of breach
The intrusion shook the Chinese security industry, prompting questions about how it could have happened. The Shanghai police have not issued an official statement.
The Wall Street Journal said that several reporters downloaded the list and called phone numbers to verify the accuracy of the information. Before hanging up, five parties verified criminal information that only the police had access to, and four confirmed their identities.
Recently, the Chinese government has increased its efforts to strengthen the protection of online user privacy. The nation’s first Personal Information Protection Law, which established guidelines for collecting, using, and storing personal data, was passed last year.
Although the law can regulate tech companies, experts have expressed worry that it could be difficult to implement when applied in China.