Hackers claim to have obtained data on 1 billion Chinese citizens from a Shanghai police database. If the leak is confirmed, it will be one of the largest data breaches in history.

In a post on the online hacking forum ‘Breach Forums’, someone using the handle “ChinaDan” offered to sell nearly 24 TB of data including what they claimed to be information on 1 billion people and “several billion case records” for 10 Bitcoin, or approximately $200,000.

The data claiming to have been stolen includes information from the Shanghai National Police database including names, addresses, national identification numbers and mobile phone numbers – as well as case details.

A sample was obtained by The Associated Press, which listed names, birthdates, ages and mobile numbers. It was also suggested that information on minors could have been included in this breach of information, as one person was listed as having been born in “2020”, with their age being “1”.  The AP could not immediately verify the sample’s authenticity.

The leak sparked conversation on Chinese social media platforms, but censors have since blocked keyword searches for things like “Shanghai data leak”.

One person said they were skeptical of the leak until they were able to verify some of the personal data that was leaked by attempting to search for people on Alipay. In a post on Weibo, they said “Everyone, please be careful in case there are more phone scams in the future!”

Experts say that if confirmed, it would be the biggest data leak in history.

Kendra Schaefer, a partner for technology at policy research firm Trivium China, said in a tweet that it’s “hard to parse truth from the rumor mill, but can confirm file exists.”

According to Michael Gazeley, Managing Director at Hong Kong-based security firm Network Box, data leaks like this one are fairly common.

“There are approximately 12 billion compromised accounts posted on the Dark Web right now. That’s more than the total number of people in the world,” he said. Gazeley added that the majority of the data leaks often come from the U.S.

Principal Research Scientist at cybersecurity firm Sophos, Chester Wisniewski, says that the breach is “potentially incredibly embarrassing to the Chinese government,” and the political harm would probably outweigh damage to the people whose data was leaked.

Wisniewski continues that most of the data is similar to what advertising companies that run banner ads would have.

“When you’re talking about a billion people’s information and it’s static information, it’s not about where they traveled, who they communicated with or what they were doing, then it becomes very much less interesting,” Wisniewski said.

Still, once hackers get data and put it online it’s impossible to fully remove it.

“The information, once it’s unleashed, is forever out there,” Wisniewski said. “So if someone believes their information was part of this attack, they have to assume it’s forever available to anyone and they should be taking precautions to protect themselves.”

A major cryptocurrency exchange said it had stepped up verification procedures to guard against fraud attempts such as using personal information from the reported attack to take over people’s accounts.

Zhao Changpeng, CEO of cryptocurrency exchange Binance, said in a tweet that its threat intelligence had detected the sale of “1 billion resident records.”

“This has impact on hacker detection/prevention measures, mobile numbers used for account take overs, etc.” Changpeng said in a tweet, before saying that Binance has already stepped up verification measures.

Story via ABC News