Hacker offers to sell Shanghai COVID app user data



(Reuters) – A hacker claims to have obtained the personal details of 48.5 million users of a COVID-19 mobile health app run by the city of Shanghai, the second allegation of a data breach from the Chinese financial hub in just over a month.

The hacker with the username “XJP” posted an offer to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday.

The person provided sample data, including phone numbers, Chinese names and identification numbers, and health code status of 47 people.

Eleven of the 47 contacted by Reuters confirmed they were in the sample, although two said their ID numbers were wrong. Reuters was unable to further verify the authenticity of the hacker’s claim.

The true size and nature of these types of data breaches are sometimes overestimated by the seller in an effort to make a quick profit.

“This database (database) contains everyone who lives in or has visited Shanghai since the adoption of Suishenma,” XJP said in the post, which initially asked for $4,850 before dropping the price later the same day. .

Suishenma is the Chinese name for Shanghai’s health code system, which the city of 25 million people implemented in early 2020 to combat the spread of COVID-19. All residents and visitors must use it.

The app collects travel data to give users a red, yellow or green rating indicating the likelihood of having the virus. The code must be shown to enter public places.

Source link


Comments are closed.