- The hacker known as “ChinaDan” has reportedly attempted to sell what may be the largest stolen database ever on an underground website forum.
- This database reportedly has personal records of over 1 billion Chinese citizens, including their names, addresses, national ID numbers, and police records.
- The CEO of Binance, Changpeng Zhao, warned the public that there was a threat from this breach before the majority of the governments in the world even knew it was happening.
Researchers suspect a hacker has posted the largest known stolen database ever, a dataset containing over one billion records previously stored on major companies’ servers, with the intention of selling it through an anonymous online marketplace for 10 bitcoins.
According to investigators, there is currently no confirmation of this breach; however, if proven accurate, this incident will represent a catastrophic failure of government-level data security, leaving hundreds of millions of individuals unprotected from potential identity theft and fraud.
Binance CEO Sounds the Alarm First
Changpeng Zhao, CEO of cryptocurrency giant Binance, became one of the first major voices to publicly flag the listing. His threat intelligence team spotted it early. Zhao immediately took to Twitter to alert the global tech community before most people even knew the listing existed.
“The records include names, addresses, national IDs, mobile numbers, and police and medical records from one Asian country,” Zhao wrote in his post. “A vulnerability in an Elastic Search deployment by a government agency most likely caused this leak.”
Zhao indicated that one of the greater threats arising from an incident of this nature is its effect on hacker detection and prevention systems, since criminals can use the exposed mobile phone numbers to conduct account takeover (i.e., using a user’s mobile number to gain access to their account).
“All platforms must quickly enhance their security in regards to this issue,” he said. Following the leak, Binance took immediate action by increasing user identity verification requirements for those who may have been affected by this breach; however, governments have not yet officially acknowledged that the event occurred.
ChinaDan’s 23-Terabyte Offer
ChinaDan described the listing as a 23-terabyte database pulled directly from the Shanghai National Police (SHGA) system. That volume alone dwarfs most corporate breaches the world has ever recorded.
The seller laid out the contents explicitly. The database holds records on one billion Chinese residents and several billion case files. It includes names, addresses, birthplaces, national ID numbers, mobile numbers, and complete criminal and case details.
This combination makes the breach uniquely dangerous. Most high-profile leaks expose email addresses or passwords. Those cause damage, but organizations can manage them.
This dataset links government-issued identity documents directly to criminal and medical records. A criminal holding that kind of profile on a target can inflict damage that goes far beyond a compromised password.
The stolen data breaks down into specific categories:
- Names and national ID numbers appear across the entire dataset.
- Mobile numbers and home addresses feature in the vast majority of records.
- Police case files and criminal histories sit inside the database.
- Medical records form part of the exposed information.
- Birthplace data adds another layer of identifying detail for every individual.
While ChinaDan seeks to sell this data outright, other cybercriminals prefer extortion. The Qilin ransomware group, for example, recently posted a New Zealand property developer’s stolen files on the dark web after the company refused to pay, showing that stolen data can be weaponized in multiple ways.
Rights activist Fu Xianyi also referenced the breach publicly, pointing directly to the Shanghai public security database as the source. Several reports indicated that the data could have been compromised by an Alibaba Cloud service, but there has been no response from Alibaba regarding this matter.
Furthermore, the Chinese Government has not publicly confirmed or denied the authenticity of these reports. This lack of information only increases the fears of over one billion people whose personal data may now be exposed on illegal online markets.
State Systems Prove Just as Vulnerable
Hackers routinely target retail companies and tech firms. Those sectors absorb the majority of typical breaches. This incident breaks that pattern in a way that should worry everyone.
It demonstrates that state-level databases carry the same vulnerabilities as any poorly secured corporate server. Citizens have no choice but to trust these systems with their most sensitive information.
The record count alone forces a reset in how analysts think about data breaches. Researchers previously treated incidents involving tens of millions of records as headline events.
One billion records change that baseline entirely. Yet even as breaches grow larger, the financial mechanisms that enable them are under siege, with dark web crypto trade plummeting as authorities get better at tracing blockchain transactions and shutting down illicit exchanges.
Experts currently estimate that the total amount of exposed records worldwide is in the hundreds of billions. Events such as those of recent months have continued to drive that number up.
The advice provided by experts has not changed; however, its urgency has increased. Changing your passwords, enabling two-factor authentication, and monitoring your accounts for unusual transactions are no longer optional.