Hacker Offers to Sell Data of 48.5 Million Users of Shanghai's COVID App

The hacker provided the phone numbers, names, Chinese identification numbers and health code status of 47 people.

Advertisement
By Reuters | Updated: 12 August 2022 18:28 IST
Highlights
  • Hacker wanted to sell the data on Breach Forums on Wednesday
  • The app collects travel data to give users a red, yellow, or green rating
  • Shanghai residents and visitors are mandated to use the app
Hacker Offers to Sell Data of 48.5 Million Users of Shanghai's COVID App

The hacker with the username "XJP" posted an offer to sell the data for $4,000

Photo Credit: Reuters

A hacker claims to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub's data in just over a month.

The hacker with the username "XJP" posted an offer to sell the data for $4,000 (roughly Rs. 3,20,000) on the hacker forum Breach Forums on Wednesday.

The person provided a sample of the data including the phone numbers, names, Chinese identification numbers, and health code status of 47 people.

Eleven of the 47 reached by Reuters confirmed they were listed in the sample, though two said their identification numbers were wrong. Reuters was unable to further verify the authenticity of the hacker's claim.

Advertisement

The true size and nature of these kinds of data hacks is sometimes overstated by the seller in an attempt to make a quick profit.

"This DB (database) contains everyone who lives in or visited Shanghai since Suishenma's adoption," XJP said in the post, which originally asked for $4,850 (roughly Rs. 4,00,000) before lowering the price later the same day.

Advertisement

Suishenma is the Chinese name for Shanghai's health code system, which the city of 25 million people established in early 2020 to combat the spread of COVID-19. All residents and visitors have to use it.

The app collects travel data to give users a red, yellow or green rating indicating the likelihood of having the virus. The code has to be shown to enter public venues.

Advertisement

The data is managed by the city government and users can access Suishenma either by downloading the app or opening it using the Alipay app, owned by fintech giant and Alibaba affiliate Ant Group, and Tencent's WeChat app.

The Shanghai government, Ant and Tencent did not immediately respond to requests for comment. XJP declined to comment when reached on Breach Forums.

"I'm not ready to answer questions yet as I have a lot more to drop," XJP said.

The purported Suishenma breach comes after a hacker last month claimed to have procured 23TB of personal information belonging to one billion Chinese citizens from the Shanghai police.

That hacker also offered to sell the data on Breach Forums.

The first hacker was able to steal data from the police as a dashboard for managing a police database that had been left open on the public internet without password protection for more than a year, the Wall Street Journal reported, citing cyber security researchers.

The newspaper said data was hosted on Alibaba's cloud platform and Shanghai authorities had summoned company executives over the matter.

Neither the Shanghai government nor the police nor Alibaba have commented on the police database matter.

Chinese regulatory bodies have in the past two years announced a barrage of new rules strengthening oversight over the private sector's management of user data, after years of complaints by residents about how their personal data could be easily stolen or sold.

A screenshot of XJP's offer on Breach Forums went viral on Chinese social media on Friday, prompting several Weibo users to weigh in on this latest leak and its broader implications, as well as question what sort of action would be taken.

"Data leaks in China are really no longer uncommon news," said one.

© Thomson Reuters 2022


What should you make of Realme's three new offerings? We discuss them on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Hacker, Covid 19, Tencent, Alibaba
Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus Nord 5 and Nord CE 5 Colour Options, Key Features Leaked
  2. Samsung Galaxy Watch to Soon Get Bedtime Guidance, Vascular Load Features
  3. Samsung Galaxy S25 Ultra Price in India Discounted for a Limited Time
  4. Trump Mobile T1 Phone With 5,000mAh Battery Announced; See Price, Features
  1. Nintendo Direct Livestream Featuring Donkey Kong Bananza Announced for June 18
  2. Amazfit Active 2 Square Debuts With 1.75-Inch AMOLED Display and Up to 10 Days Battery Life
  3. Samsung’s Exynos 2500 SoC Confirmed to Feature Satellite Connectivity Ahead of Galaxy Z Flip 7 Launch
  4. Nothing Phone 3 Confirmed to Come With Snapdragon 8s Gen 4 SoC Ahead of July 1 Launch
  5. Samsung Galaxy M36 5G India Launch Teased; Rear Design and Price Range Revealed
  6. Reddit Unveils Reddit Community Intelligence, Its Suite of AI-Powered Ad Tools for Enterprises
  7. Sony Bravia 8 II QD-OLED TV Series With Acoustic Surface+ Audio, Studio Calibrated Mode Launched in India
  8. Asus Unveils Refreshed Vivobook S16, S16 OLED Laptops in India Alongside Vivobook S14: Price, Features
  9. Apple Watch Ultra 3 Said to Launch This Year; Product Roadmap for Next Three Years Leaked
  10. Google Unveils India-Focused Safety Charter, Shares How It Is Using AI to Combat Online Frauds and Scams
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.