The global cybersecurity community was set alight this week by news that data on more than 1 billion people were leaked from a Shanghai police database. The implications could be wide-ranging, yet the most astounding aspect of this case may be the fact that it likely wasn’t a hack that caused it, but basic errors in digital hygiene.
The asking price for the database, which includes several billion case records, is just 10 bitcoin ($202,000). This indicates the seller is someone who happened across the data and is being opportunistic rather than a professional hacker motivated by money. A sample of the data posted in an online forum, and viewed by Bloomberg Opinion, shows records of people across China with names, identification and mobile phone numbers, the original source of the data, and a reference to the first time the details were entered into the record. Chillingly, the database includes fields referring to express delivery and food-order details. This could imply that this data were compiled by police from multiple sources across the country, beyond what law enforcement typically gathers firsthand. Of course, there may be other explanations for such data, too.