BeINCrypto | David Thomas and Kyle Baird | Jul 4, 2022
Binance CEO Changpeng “CZ” Zhao sounded the alarm on a massive data leak of one billion Chinese residents that went up for sale on the dark web.
Twenty-three terabytes of data containing names, addresses, birthplaces, national IDs, phone numbers, and criminal case information was reportedly stolen from a police station database in Shanghai, China. The hacker offered the information on a dark web forum for ten bitcoins.
CZ took to Twitter on July 3 to announce that Binance threat intelligence had discovered resident records for sale on the dark web, without mentioning the country. He attributed the data breach to a bug in a government agency’s software using an “Elasticsearch” algorithm. CZ explained that the compromised data had implications for Binance users since the data in question could be used to take over accounts. CZ added that Binance uses internal and outsourced threat detection.
Elasticsearch is used to quickly search through massive data sets and return answers in milliseconds (and could include corporate or government entity, data from social media posts to emails to company spreadsheets).
While this makes for easy access to a wealth of enterprise information, it becomes equally a tantalizing prospect for cyber bandits.
Cybersecurity experts concerned with the size and sensitivity of data
News of the hack sent jitters throughout the Chinese security industry, triggering speculation on how it could have happened. Shanghai police have not made public any official statement.
Cybersecurity professionals that have weighed in are concerned due to the hack’s size and the sensitivity of the exposed information, including criminal activity details.
According to the Wall Street Journal, some reporters downloaded the list and called phone numbers to check the validity of the information. Five parties verified criminal information only the police could access, while four confirmed their identity before hanging up.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
Leave a Reply