- ID numbers, addresses of prominent figures tweeted publicly
- If data’s real, would be one of China’s largest online leaks
Personal information on dozens of Chinese Communist Party officials and captains of industry from Jack Ma to Wang Jianlin may have been exposed on Twitter in one of the country’s biggest online leaks of sensitive information.
Posts on Twitter from an account under the name “shenfenzheng” -- which has since been frozen -- claimed to show everything from official ID cards to the residential addresses of prominent people in government, banking, technology and industry. In some cases, their children’s alleged details were also published. Many of the tweets were swiftly deleted but Bloomberg verified that at least two of the ID numbers posted in that fashion were authentic.
The incident underscores the challenge facing China in policing the spread of information within its borders, even as it imposes rigid controls on the Internet through the world’s largest firewall. It shows China is susceptible to the sort of privacy leaks that have become commonplace in other countries.
“It’s fascinating irony here, but the Great Firewall isn’t iron-clad,” said Jason Ng, a New York-based researcher with Citizen Lab, which has conducted studies exposing weak information security among Chinese companies. “Even if you have the most sophisticated developers out there, you will still inevitably get hackers who are one step ahead of you.”
Shenfenzheng, a name that literally translates as “personal ID,” tweeted that the intention was to expose how potentially sensitive information on Chinese individuals -- no matter how senior -- can be easily procured through black-market channels. Information on executives can be dredged up through publicly available filings and databases, but access is typically limited to licensed professionals who must be verified and can be tracked.
“It’s easy to figure out anybody’s information, whether you’re a government official or a celebrity,” shenfenzheng tweeted earlier. “Getting the common people’s data is like buying cabbage.”
The account was suspended Thursday. Twitter typically freezes accounts that indulge in abusive behavior or pose a risk to other users.
If accurate, the information posted could be used to infiltrate social media and bank accounts. It could also be an embarrassment to agencies tasked with safeguarding the data. The public security ministry didn’t respond to a faxed request for comment.
Information was posted purporting to disclose details of Alibaba Group Holding Ltd. Chairman Ma, Tencent Holdings Ltd. Chairman Ma Huateng, Xiaomi Corp. co-founder Lei Jun, Dalian Wanda Group Co. founder Wang and Sany Heavy Industry Co. Chairman Liang Wengen. Officials targeted included the governor of a major province. Bloomberg couldn’t verify the accuracy of all the data. Xiaomi and Sany declined to comment. Alibaba and Tencent didn’t respond to requests for comment. Wanda said it had no immediate comment.
“Are you surprised at all this information? I hope this encourages the nation’s scrutiny, and shows how worthless individual data is in China,” shenfenzheng tweeted.
The mass exposure of information is reminiscent of a series of celebrity hackings around the globe. In one of the largest attacks of that nature, hackers gained access to accounts on Apple Inc.’s iCloud and posted nude photographs online of their celebrity victims -- including model Kate Upton and actress Jennifer Lawrence.
The leaking of such information is a violation of Chinese law, punishable through fines and up to three years behind bars. Twitter, which isn’t accessible from within the country except through a virtual private network, also bans the posting of another person’s private information. It wasn’t clear how or when tweets were removed from the account. Twitter spokesman Nu Wexler declined to comment on individual users for privacy reasons.
China has set up a working group to figure out new regulations to better protect personal information, said Zuo Xiaodong, vice-president of the China Information Security Research Institute and a member of the newly established group.
“The protection of personal data is quite challenging in today’s China due to the lack of regulation,” Zuo said. “Normally it will take some years to establish new rules but these will be out much faster due to the urgency of this issue.”
— With assistance by Keith Zhai, Shai Oster, and Lulu Chen