Hacked Shanghai Police Database Won’t Allow Users to Set Password

A recently stolen database containing personally identifiable information on one billion Chinese citizens remained online, unprotected. (opens in a new tab)and available to anyone who knew where to look, according to reports.

The the wall street journal said an investigation is currently underway to determine the circumstances that led to the breach. Apparently the Alibaba cloud platform used by the Shanghai Police Department was outdated in such a way that even setting up a password (opens in a new tab) for the database was not an option.

These findings would be in line with what the media initially reported, when cybersecurity researchers pointed the finger at third-party cloud infrastructure partners such as Alibaba, Huawei or Tencent.

Database for sale

The WSJ also said that representatives of the Chinese cloud giant have been summoned for interviews with investigators, including the company’s vice president, Chen Xuesong. Both parties have yet to comment.

Unknown cybercriminals had sought to sell the huge database, which allegedly contained people’s names, government identification numbers, as well as phone numbers, on the dark web. Additionally, the database contained records of crimes reported to the police department, with some of the data even belonging to minors.

The criminals advertising the database demanded 10 bitcoins, or about $200,000, in exchange for the data.

This type of data is in high demand by cybercriminals, as it allows them to engage in all sorts of fraudulent activities, from identity theft to phishing, payment fraud, and more.

After news of the theft broke, Alibaba disabled all access to the database, the post added, further stating that its engineers began inspecting the associated code, but could not say conclusively how. the violation has occurred.

Via: Wall Street Journal (opens in a new tab)