Covid app: Hacker threaten to sell data of 48.5 million Shanghai users

The city of Shanghai’s COVID health code mobile app is used by 48.5 million people, and a hacker has claimed to have gotten their personal information. This is the second time in less than a month that a data breach has been reported in the Chinese financial center.

On Wednesday, the hacker posting under the alias “XJP” offered to sell the data for $4,000 on the hacker forum Breach Forums.

A sample of the data, which included 47 people’s phone numbers, names, Chinese identity numbers, and health code status, was made available by the hacker.

Of the 47 people the media were able to reach, eleven verified that they were included in the sample, but two claimed that their identifying numbers were incorrect.

In the article, XJP stated that “This DB (database) comprises everyone who has lived in Shanghai or visited since Suishenma’s adoption,” and he first requested $4,850 before dropping the price later in the day.

The 25 million-person metropolis of Shanghai devised a health code system in early 2020 to stop the spread of COVID-19. This system is known in Chinese as suishenma. Both locals and guests are required to utilize it.

Users must provide the code to enter public spaces. The app gathers travel data to assign persons a red, yellow, or green rating reflecting the likelihood of having the virus.

Users can access Suishenma through the Ant Group’s Alipay app, which is owned by the fintech giant and affiliate of Alibaba (9988.HK), and Tencent Holdings’ (0700.HK) WeChat app. The data is managed by the local administration.

The alleged Suishenma breach was reported after a hacker claimed early last month that the Shanghai police had given them 23 terabytes of personal data belonging to one billion Chinese individuals.

On breach forums, the hacker allegedly made the data available for sale.

According to cyber security experts cited by media, the police dashboard for managing a police database was left exposed on the public internet without password protection for more than a year, which allowed the first hacker to take the data from the police.

According to the tabloid, data was stored on Alibaba’s cloud platform, and Shanghai officials had called business executives to appear before them.

The police database issue has not been addressed by the Shanghai government, the police, or Alibaba.

Latest articles

EXPLAINED: The Labour party’s foreign policy in UK

David Lammy, Member of Parliament and Shadow Secretary of UK's State for Foreign, Commonwealth, and Development Affairs, provides an overview of Labour's proposal for...

Australian defence gets strong with new helicopters

To better equip the Australian Army, the Australian government has decided to purchase 40 UH-60M Black Hawk helicopters. According to the Head of Land Capability,...

OPINION: Australia’s road in preserving Indigenous languages

“With a multi-million dollar investment in language education, Australia has embraced the global movement to preserve Indigenous languages, which was launched last month in...

Mental health: Australia’s BMX program is running success among youth

Teenagers in South Australia are using BMX bikes as a form of stress reduction. Young people who had a difficult begining in life might be...

Related articles