A dark web marketplace forum has recently exposed a major Chinese data breach, resulting in the leak of a substantial amount of sensitive information.
The breach appears to have primarily affected Chinese citizens. The threat actor behind this breach, known by the alias “mrwan,” has posted 20 different databases for sale, containing a wide array of personal and sensitive data.
The leaked information includes home addresses, English names, birthdays, phone numbers, and other critical details, with records ranging from a few hundred thousand to over 96 million phone numbers.
A wide range of individuals are affected by the leaked databases, covering various categories of the population.
This includes ordinary citizens, casino players, financial investors, housewives, individuals seeking companionship, and adult actresses.
The data includes the accumulated funds of Chinese citizens, property locations of real estate owners, and even border control data from Hong Kong SAR residents.
The leak has raised concerns about the potential harm it could cause to those affected. The data could be used by cybercriminals, opportunists, or even foreign intelligence agencies for malicious purposes.
The databases contain different sets of information, which vary in sensitivity and volume. For instance, one of the largest databases includes approximately 96 million phone numbers and ID numbers of Chinese citizens.
In addition to the aforementioned data, various databases also contain valuable information like complete names and identification numbers of mobile phone users, email addresses, financial assets, and even records of property ownership.
Here is the full extent of the leaked Chinese databases:
- Loan Database: 5.7 million records containing loan-related information.
- Hong Kong SAR Residents Data: Full personal details of residents.
- Chinese Casino Database: ~1 million mobile phone numbers, full names, and email addresses of casino patrons.
- Property Owners Database: 3 million records with mobile phone numbers of real estate owners.
- 2024 Accumulated Funds Database: Financial data detailing the accumulated funds of Chinese citizens.
- Loan Database (Additional): 448,000 unique mobile phone numbers, full names, and IDs.
- 2024 Casino Database: Specific details on casino visitors.
- iPhone and Huawei Users Database: 62 million iPhone iOS users and 13 million Huawei users' information.
- Chinese Citizen Leak (April 2024): ~96 million records including mobile phone numbers and ID numbers.
- Citizen Email Database: Email addresses of Chinese citizens.
- iPhone Users Email Database: ~7.6 million email records of iPhone iOS users.
- Marriage and Friendship Seekers Database: Data on individuals seeking marriage or friends.
- Adult Entertainment Users Database: ~13 million records of adult content consumers.
- Financial Investors Database: ~65 million records of financial investors.
- Citizens Insurance Database (2024): Insurance-related data.
- Parents of Online Learners Database: ~40 million records of parents involved in online learning courses.
- Housewives Database: ~1 million records of housewives/stay-at-home moms.
- Bank Customers Database: 2.3 million records including mobile phone numbers and IDs.
The threat actor, mrwan, uploaded these databases for sale on BreachForums, a notorious dark web forum known for trading leaked data.
To prove the legitimacy of the data, mrwan shared sample lines from every listing. The sale price of these databases has not been revealed, but the threat actor has noted that these transactions will be conducted solely in cryptocurrency, such as Bitcoin, USDT, and LTC, through a trusted middleman or escrow service.
The databases were listed for sale simultaneously, although the exact date of the breach or the duration of the sale on BreachForums has not been specified.
The scale and nature of this breach are causing significant concern, given the extensive amount of sensitive information that has been compromised.
As of the time of writing, there has been no official statement from the Chinese government or relevant authorities regarding the breach.