BEIJING: A hacker has claimed to get obtained the personal information of 48. 5 million users of the Covid health code mobile app run by the city of Shanghai in china, the second claim of the breach of the Chinese language financial hub’s information in just over a month.
The hacker with the username as “XJP” posted an offer to sell the data for US$4, 000 (RM17, 777) on the hacker forum Breach Forums on Wednesday.
The hacker provided a sample of the data including the phone numbers, brands and Chinese identification numbers and wellness code status associated with 47 people.
Eleven of the 47 reached by Reuters confirmed that they had been listed in the example, though two mentioned their identification numbers were wrong.
“This DB (database) contains everyone who also lives in or went to Shanghai since Suishenma’s adoption, ” XJP said in the publish, which originally requested US$4, 850 (RM21, 554) before reducing the price later in the day.
Suishenma is the Chinese title for Shanghai’s health code system, which the city of 25 million people, like a lot of across China, set up in early 2020 to combat the spread of Covid-19. All of residents and guests have to use it.
The app gathers travel data and give people a red, yellowish or green ranking indicating the likelihood of getting the virus and users have to show the particular code to get into public venues.
The data is handled by the city government and users gain access to Suishenma via the Alipay app, owned simply by fintech giant and Alibaba affiliate Ish Group, and Tencent Holdings’ WeChat application.
XJP, the particular Shanghai government, Ant and Tencent failed to immediately respond to demands for comment.
The purported Suishenma breach comes after the hacker early last month said they had procured 23 terabytes of personal information owned by one billion Chinese citizens from the Shanghai police.
That will hacker also agreed to sell the data upon Breach Forums.
The Wall Street Journal , citing cyber security researchers, said the first hacker had been able to steal the data from the law enforcement as a dashboard regarding managing a police database had been left open up on the public Internet without password protection for more than a calendar year.
The paper said data has been hosted on Alibaba’s cloud platform and Shanghai authorities had summoned company professionals over the matter.
Neither the Shanghai government, nor law enforcement nor Alibaba have commented on the police database matter. – Reuters