Hacker Offers to Sell Data of 48.5 Million Users of Shanghai's COVID App

The hacker provided the phone numbers, names, Chinese identification numbers and health code status of 47 people.

Advertisement
By Reuters | Updated: 12 August 2022 18:28 IST
Highlights
  • Hacker wanted to sell the data on Breach Forums on Wednesday
  • The app collects travel data to give users a red, yellow, or green rating
  • Shanghai residents and visitors are mandated to use the app

The hacker with the username "XJP" posted an offer to sell the data for $4,000

Photo Credit: Reuters

A hacker claims to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub's data in just over a month.

The hacker with the username "XJP" posted an offer to sell the data for $4,000 (roughly Rs. 3,20,000) on the hacker forum Breach Forums on Wednesday.

Advertisement

The person provided a sample of the data including the phone numbers, names, Chinese identification numbers, and health code status of 47 people.

Eleven of the 47 reached by Reuters confirmed they were listed in the sample, though two said their identification numbers were wrong. Reuters was unable to further verify the authenticity of the hacker's claim.

The true size and nature of these kinds of data hacks is sometimes overstated by the seller in an attempt to make a quick profit.

"This DB (database) contains everyone who lives in or visited Shanghai since Suishenma's adoption," XJP said in the post, which originally asked for $4,850 (roughly Rs. 4,00,000) before lowering the price later the same day.

Advertisement

Suishenma is the Chinese name for Shanghai's health code system, which the city of 25 million people established in early 2020 to combat the spread of COVID-19. All residents and visitors have to use it.

The app collects travel data to give users a red, yellow or green rating indicating the likelihood of having the virus. The code has to be shown to enter public venues.

Advertisement

The data is managed by the city government and users can access Suishenma either by downloading the app or opening it using the Alipay app, owned by fintech giant and Alibaba affiliate Ant Group, and Tencent's WeChat app.

The Shanghai government, Ant and Tencent did not immediately respond to requests for comment. XJP declined to comment when reached on Breach Forums.

Advertisement

"I'm not ready to answer questions yet as I have a lot more to drop," XJP said.

The purported Suishenma breach comes after a hacker last month claimed to have procured 23TB of personal information belonging to one billion Chinese citizens from the Shanghai police.

That hacker also offered to sell the data on Breach Forums.

The first hacker was able to steal data from the police as a dashboard for managing a police database that had been left open on the public internet without password protection for more than a year, the Wall Street Journal reported, citing cyber security researchers.

The newspaper said data was hosted on Alibaba's cloud platform and Shanghai authorities had summoned company executives over the matter.

Neither the Shanghai government nor the police nor Alibaba have commented on the police database matter.

Chinese regulatory bodies have in the past two years announced a barrage of new rules strengthening oversight over the private sector's management of user data, after years of complaints by residents about how their personal data could be easily stolen or sold.

A screenshot of XJP's offer on Breach Forums went viral on Chinese social media on Friday, prompting several Weibo users to weigh in on this latest leak and its broader implications, as well as question what sort of action would be taken.

"Data leaks in China are really no longer uncommon news," said one.

© Thomson Reuters 2022


What should you make of Realme's three new offerings? We discuss them on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Hacker, Covid 19, Tencent, Alibaba
Advertisement

Related Stories

Popular Mobile Brands
  1. Asus Vivobook 15 (2026) Launched in India Ahead of Amazon, Flipkart Sale Events
  2. Samsung Galaxy S27 Ultra Could Pack Bigger Battery Than iPhone 18 Pro Max
  3. Amazon Prime Day 2026 Sale Is Live: Best Tech Deals
  4. Alienware 15 Arrives in India as Dell's Most Affordable Gaming Laptop Yet
  5. Flipkart GOAT Sale: Top Early Deals on Smartphones, Tablets and More
  6. Vivo X500 Camera Details Surface Online After X500 Pro Max Leaks
  7. Apple May Equip iPhone 18 Pro With Different Modems, Based on Regions
  1. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  2. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  3. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  4. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  5. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  6. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  7. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  8. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  9. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
  10. Redmi 17 5G NCC, SIRIM Certification Listings Reportedly Reveal Battery and Charging Details
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.