The security breach, which occurred in 2022, exposed the personal information of approximately 1 billion Chinese residents. The data is now available for purchase on both the open and the dark web. It includes names, addresses, government ID numbers, mobile phone numbers, and other sensitive information.
One anonymous hacker, ChinaDan, claims to be selling the stolen information for ten bitcoin ($200,000). ChinaDan posted the offer on Breached.to, a black hat hacking site.
Binance CEO Changpeng Zhao revealed in a Twitter post over the weekend that the exchange’s threat intelligence systems detected that 1 billion resident records from “one Asian country” were being sold on the dark web. The exchange asserts that it has ramped up its verification processes for those affected by the hack.
Zhao went on to say that the breach could have been caused by a buggy deployment of ElasticSearch, an enterprise search and data analytics tool.
According to Kenny Li, co-founder of the web3 privacy project Manta Network, the hack may have implications for the crypto sector. “User data exposed through data compromises can be exploited to steal additional information such as keys through phishing attacks, or impersonate to gain unauthorized access to applications like centralized exchanges,” Li said.