Hacked Shanghai police database didn’t let users set a password

Alibaba infrastructure was outdated and led to breach, report claims

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A recently-stolen database holding personally identifiable information on a billion Chinese citizens had been sitting online, unprotected by anycredentials, and available for anyone who knew where to look, reports have claimed.

TheWall Street Journalhas said an investigation is currently underway to determine the circumstances leading up to the breach. Allegedly, the Alibaba cloud platform used by the Shanghai police department was outdated in such a manner that even setting up apasswordfor the database wasn’t an option.

These findings would be in line with what the media initially reported, when cybersecurity researchers pointed the finger at third-party cloud infrastructure partners such as Alibaba, Huawei, or Tencent.

Database for sale

TheWSJalso stated that the representatives of the Chinese cloud giant were called in for talks with the investigators, including the company’s Vice President, Chen Xuesong. Both parties are yet to comment.

Unknown cybercriminals had sought to sell the huge database, which allegedly contained people’s names, government ID numbers, as well as phone numbers, on the dark web. Furthermore, the database held records of crimes reported to the police department, with some of the data even belonging to minors.

Mystery hacker claims to have conducted one of the largest data heists in history>Here’s our take on the best database software right now>The FBI has busted a major online criminal database selling millions of user details

The criminals advertising the database were asking for 10 bitcoin, or roughly $200,000, in return for the data.

This type of data is in high demand among cybercriminals, as it allows them to engage in all kinds of fraudulent activities, from identity theft, to phishing, to payment fraud, and many, many more.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

After news of the theft broke out, Alibaba disabled all access to the database, the publication added, further stating that its engineers started inspecting the related code, but could not conclusively say how the breach happened.

Via:Wall Street Journal

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Quordle today – hints and answers for Friday, November 8 (game #1019)