1.3 Billion Records of Chinese Citizens Leaked Online


April 20, 2021 · 5 min read

Recently, during our routine darkweb and cybercrime monitoring, Cyble researchers came across a Threat Actor (TA) posting more than 1.3 billion records containing sensitive information about Chinese citizens on a cybercrime forum called RaidForums. The data sources include:  

  • Dungeon Fighter Online, an online role-playing game 
  • Tencent QQ, an instant messaging service owned by Tencent 
  • Shunfeng (SF) Express, a delivery service and logistics company 
  • JD.com, the second-largest e-commerce company in China                                    
  • Sina Weibo.com, a microblogging site similar to Twitter                   
  • Car owners’ data (no source is indicated for this data)
  • Citizen Identity Number leak (no source is indicated for this data)

Figure 1 is a screenshot of the post by the Threat Actor.  


Figure 1 Post by the TA 

Our research has indicated that the TA joined RaidForums in April 2021 and, so far, has contributed just two threads to the forum. The reputation is almost neutral, suggesting that the TA is new to the forum.  

Further investigation:  

Cyble went through all the files that were posted to verify and validate the claims made by the TA and further understand the sensitivity of the information leaked.  


For Dungeon Fighter Online, the leaked files include, among other things, the email IDs and passwords of its users; the total number of user records is 70 million.

In the case of Tencent QQ, the leaked files include the IDs and phone numbers of about 900 million users, which is almost 65% of the total population of China.


Figure 2 Screenshot of leaked data from QQ.com 

The leaked files associated with SF Express comprise its users’ full addresses and their names and mobile numbers. This includes data of about 70 million users.  


Figure 3 Screenshot of leaked data from SF Express 

Breaches at JD.com have been reported before. However, the previous breaches did not involve data of as many users as this leak. This breach includes data on around 140 million JD.com users, including their names, passwords (hashed), email IDs, and mobile numbers.


Figure 4 Screenshot of leaked data from JD.com 

The breached data of Sina Weibo includes about 500 million user phone numbers along with their linked unique IDs.             


Figure 5 Screenshot of leaked data from Weibo 

The Car owners’ data leak file appears to be an amalgamation of several databases for information on car owners. This includes names, Citizen Identity Numbers, mobile numbers, email IDs, addresses, DOBs, and the reported monthly incomes of more than 760k people.  


Figure 6 Screenshot of leaked data of Car Owners Info 

The files associated with the Citizen Identity Numbers are also an amalgamation of databases and appear to have information captured in 2016. Even though the recorded year is 2016, the Citizen Identity number allotted to a citizen is permanent and cannot be changed. These files contain names, DOBs, mobile numbers, addresses, and Citizen Identity Numbers of about 4.8 million Chinese citizens. 


Figure 7 Screenshot of leaked data of Citizen Identity Numbers 

These breaches contain extremely sensitive user data that have the potential to be misused. This also opens the floodgates for cyber fraud and other criminal activities.  

Cyble has been reporting these breaches to spread awareness of the risks associated with using online services and the growing threats to data security. 

We recommend that people:

  • Never share personal information, including financial information, over the phone, email, or SMS.
  • Use strong passwords and enforce multi-factor authentication where possible.
  • Regularly monitor their financial transactions and, on noticing any suspicious transaction, contact their bank immediately.
  • Turn on the automatic software update feature on their computer, mobile, and other connected devices wherever possible and pragmatic.
  • Use a reputable anti-virus and internet security software package on their connected devices, including PC, laptop, and mobile.
  • Register at AmiBreached.com to ascertain their exposure if they are concerned about it in the darkweb.

About Cyble

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com
