Hacker claims access to Shanghai Covid app, threatens to sell data on millions of users

Small sample was provided as proof

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A hacker claims to have breached Shanghai’s Covid app andstolen the personal user datafound there

According to aReutersreport, a cybercriminal going by the name XJP took to the hacker forum Breach Forums, to advertise a database carrying sensitive information on 48.5 million users.

The database was taken from “Suishenma”, the Chinese name for Shanghai’s health code system, used by all residents and visitors of the city since early 2020. The hacker first asked for $4,850 for the database, but later toned the offer down to $4,000.

“This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” the ad reads.

Authentic samples

According to the report, the hacker posted a small sample, including data on 47 people, as proof of his claims. The sample contained the names, Chinese identification numbers, phones, and health code statuses of these people. The publication found 11 people confirming the authenticity of their information, although two did add that their identification numbers were wrong.

Suishenma has been mandatory for all residents (approximately 25 million people) and visitors of Shanghai, since early 2020. It collects travel data, and then color-codes users based on their chance of catching the virus. The users must then show the code whenever they enter public places.

Mystery hacker claims to have conducted one of the largest data heists in history>Hacked Shanghai police database didn’t let users set a password>Keep your business safe with the best endpoint protection

Users access Suishenma via the Alipay app,Reutersfurther added, stating that the city government manages the data coming into the app. At the moment, none of the affected parties were ready to comment.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Chinese authorities are faced with the second major data leak in two months, after a threat actor leaked what appears to be sensitive data on a billion Chinese. That database was also put up for sale on Breach Forums.

Via:Reuters

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

HPE reveals critical security bug affecting networking access points

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

Scammers are using fake copyright infringement claims to hack businesses