Binance CEO Changpeng “CZ” Zhao sounded the alarm on a massive data leak of one billion Chinese residents that went up for sale on the dark web.

• Twenty-three terabytes of data containing names, addresses, birthplaces, national IDs, phone numbers, and criminal case information was reportedly stolen from a police station database in Shanghai, China. The hacker offered the information on a dark web forum for ten bitcoins.
• CZ took to Twitter on July 3 to announce that Binance threat intelligence had discovered resident records for sale on the dark web, without mentioning the country. He attributed the data breach to a bug in a government agency’s software using an “Elasticsearch” algorithm.  CZ explained that the compromised data had implications for Binance users since the data in question could be used to take over accounts. CZ added that Binance uses internal and outsourced threat detection.
  • Elasticsearch is used to quickly search through massive data sets and return answers in milliseconds (and could include corporate or government entity, data from social media posts to emails to company spreadsheets).
  • While this makes for easy access to a wealth of enterprise information, it becomes equally a tantalizing prospect for cyber bandits.

See: 

Leaky Forms: Thousands of Popular Websites See What You Type—Before You Hit Submit

Crypto.com $34 million stolen in user account hack | Data Breach Lessons

Cybersecurity experts concerned with the size and sensitivity of data

• News of the hack sent jitters throughout the Chinese security industry, triggering speculation on how it could have happened. Shanghai police have not made public any official statement.
• Cybersecurity professionals that have weighed in are concerned due to the hack’s size and the sensitivity of the exposed information, including criminal activity details.
• According to the Wall Street Journal, some reporters downloaded the list and called phone numbers to check the validity of the information. Five parties verified criminal information only the police could access, while four confirmed their identity before hanging up.

Continue to the full article --> here