Cyber Incident Victim: Shanghai Municipal Public Security Bureau
Date: Jul 2022
Location: China
Summary
A hacker using the alias 'ChinaDan' claimed to have exfiltrated approximately 22 terabytes of data from a Shanghai law enforcement database, allegedly containing personal information of one billion citizens including names, addresses, national ID numbers, contact details, and criminal records. The threat actor offered the data for sale on a dark web forum, providing a sample of 750,000 records for verification, with some individuals reportedly confirming the accuracy of their leaked information. Initial analysis suggested the breach stemmed from an improperly secured ElasticSearch instance hosted on Alibaba Cloud, potentially due to exposed credentials in a technical blog post by a government developer. While the full scale remains unverified, the incident represents one of the largest alleged data compromises involving sensitive government-held citizen records.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 4, 2022, an anonymous threat actor using the handle 'ChinaDan' advertised the sale of multiple databases allegedly containing over 22 terabytes of data on approximately 1 billion Chinese citizens on a hacker forum. The actor claimed the data originated from a breach of the Shanghai National Police (SHGA) database and offered it for 10 bitcoins (roughly $195,000). The advertised records included residents' full names, addresses, birthplaces, national ID numbers, mobile phone numbers, and details of criminal cases or police records. To validate the authenticity of the data, ChinaDan provided a sample containing 750,000 records with delivery information, ID data, and police call logs. The threat actor asserted the information was exfiltrated from a private cloud operated by Aliyun (Alibaba Cloud) within China's public security network infrastructure.

Binance CEO Zhao Changpeng confirmed on July 3, 2022, that his company's threat intelligence team had identified the data sale listing, attributing the breach to an accidentally exposed ElasticSearch database managed by a Chinese government agency. Zhao indicated the exposure likely resulted from a government developer inadvertently publishing access credentials in a technical blog post on the CSDN platform. Wall Street Journal reporter Karen Hao contacted individuals listed in the leaked sample; five confirmed the accuracy of all case details associated with their names, information typically accessible only to law enforcement. Four additional individuals verified basic personal details before terminating contact. While the full scale of the breach remained unconfirmed, the compromised data reportedly included billions of criminal records alongside resident information, potentially enabling identity theft and account takeover attempts through the exposed mobile numbers. If substantiated, the incident would represent one of the largest alleged data breaches in history.
