Article content material

BEIJING — A hacker claims to have obtained the private data of 48.5 million customers of a COVID well being cellular app run by the town of Shanghai, the second declare of a breach of the Chinese language monetary hub’s information in simply over a month.

The hacker with the username as “XJP” posted a proposal to promote the information for $4,000 on the hacker discussion board Breach Boards on Wednesday.

The individual supplied a pattern of the information together with the cellphone numbers, names and Chinese language identification numbers and well being code standing of 47 folks.

Article content material

Eleven of the 47 reached by Reuters confirmed they have been listed within the pattern, although two mentioned their identification numbers have been mistaken. Reuters was unable to additional confirm the authenticity of the hacker’s declare.

The true dimension and nature of those sorts of knowledge hacks is typically overstated by the vendor in an try to make a fast revenue.

“This DB (database) incorporates everybody who lives in or visited Shanghai since Suishenma’s adoption,” XJP mentioned within the put up, which initially requested for $4,850 earlier than reducing the worth later the identical day.

Suishenma is the Chinese language identify for Shanghai’s well being code system, which the town of 25 million folks established in early 2020 to fight the unfold of COVID-19. All residents and guests have to make use of it.

Article content material

The app collects journey information to provide customers a pink, yellow or inexperienced score indicating the probability of getting the virus. The code must be proven to enter public venues.

The info is managed by the town authorities and customers can entry Suishenma both by downloading the app or opening it utilizing the Alipay app, owned by fintech big and Alibaba affiliate Ant Group, and Tencent Holdings’ WeChat app.

The Shanghai authorities, Ant and Tencent didn’t instantly reply to requests for remark. XJP declined to remark when reached on Breach Boards.

“I’m not able to reply questions but as I’ve much more to drop,” XJP mentioned.

The purported Suishenma breach comes after a hacker final month claimed to have procured 23 terabytes of private data belonging to 1 billion Chinese language residents from the Shanghai police.

Article content material

That hacker additionally supplied to promote the information on Breach Boards.

The primary hacker was in a position to steal information from the police as a dashboard for managing a police database had been left open on the general public web with out password safety for greater than a yr, the Wall Road Journal reported, citing cyber safety researchers.

The newspaper mentioned information was hosted on Alibaba’s cloud platform and Shanghai authorities had summoned firm executives over the matter.

Neither the Shanghai authorities, nor police nor Alibaba have commented on the police database matter.

Chinese language regulatory our bodies have up to now two years introduced a barrage of recent guidelines strengthening oversight over the non-public sector’s administration of consumer information, after years of complaints by residents of how their private information could possibly be simply stolen or bought.

A screenshot of XJP’s provide on Breach Boards went viral on Chinese language social media on Friday, prompting a number of Weibo customers to weigh in on this newest leak and its broader implications, in addition to query what kind of motion can be taken.

“Knowledge leaks in China are actually now not unusual information,” mentioned one. (Reporting by Eduardo Baptista and the Shanghai newsroom; Writing by Brenda Goh; Enhancing by Robert Birsel, Mike Harrison and Mark Potter)