The city of Shanghai’s COVID health code mobile app is used by 48.5 million people, and a hacker has claimed to have gotten their personal information. This is the second time in less than a month that a data breach has been reported in the Chinese financial center.
On Wednesday, the hacker posting under the alias “XJP” offered to sell the data for $4,000 on the hacker forum Breach Forums.
A sample of the data, which included 47 people’s phone numbers, names, Chinese identity numbers, and health code status, was made available by the hacker.
Of the 47 people the media were able to reach, eleven verified that they were included in the sample, but two claimed that their identifying numbers were incorrect.
In the article, XJP stated that “This DB (database) comprises everyone who has lived in Shanghai or visited since Suishenma’s adoption,” and he first requested $4,850 before dropping the price later in the day.
The 25 million-person metropolis of Shanghai devised a health code system in early 2020 to stop the spread of COVID-19. This system is known in Chinese as suishenma. Both locals and guests are required to utilize it.
Users must provide the code to enter public spaces. The app gathers travel data to assign persons a red, yellow, or green rating reflecting the likelihood of having the virus.
Users can access Suishenma through the Ant Group’s Alipay app, which is owned by the fintech giant and affiliate of Alibaba (9988.HK), and Tencent Holdings’ (0700.HK) WeChat app. The data is managed by the local administration.
The alleged Suishenma breach was reported after a hacker claimed early last month that the Shanghai police had given them 23 terabytes of personal data belonging to one billion Chinese individuals.
On breach forums, the hacker allegedly made the data available for sale.
According to cyber security experts cited by media, the police dashboard for managing a police database was left exposed on the public internet without password protection for more than a year, which allowed the first hacker to take the data from the police.
According to the tabloid, data was stored on Alibaba’s cloud platform, and Shanghai officials had called business executives to appear before them.
The police database issue has not been addressed by the Shanghai government, the police, or Alibaba.
![Pinterest](https://pinterest.com/pin/create/button/?url=https://cronullanews.sydney/article/48380/covid-app-hacker-threaten-to-sell-data-of-48-5-million-shanghai-users/&media=https://cronullanews.sydney/wp-content/uploads/2022/08/download-1-1.jpg&description=On Wednesday, the hacker posting under the alias "XJP" offered to sell the data for $4,000 on the hacker forum Breach Forums.){kind=link}