Chinese data breach

Binance CEO CZ tweeted that their threat intelligence had discovered resident records for sale on the dark web, without citing the country. CZ attributed the data breach to a bug in a state agency’s software using an “Elasticsearch” algorithm.

Twenty-three terabytes of data consisting of personal information and criminal case information were reportedly stolen from a police station database in Shanghai, China. The hacker offered the information on a dark web forum for ten bitcoins.

Elasticsearch is a search engine used to quickly examine massive data sets and return answers in a fraction of a second. It pools data from various sources: anything from social media posts and emails to company spreadsheets may end up in an Elasticsearch data bucket. While this gives convenient access to a wealth of enterprise information, it also makes that data a tempting target for cybercrooks.

Information from the forum where the data was posted indicates that the attack targeted an instance of Elasticsearch on the cloud platform of an Alibaba subsidiary used by the Shanghai police.

CZ noted that the leaked data had implications for Binance users, since the data in question could be used to take over accounts. The cryptocurrency exchange has now taken steps to strengthen its user verification processes. CZ added that Binance uses internal and outsourced threat detection.

Cybersecurity experts concerned

News of the hack sent fear throughout the Chinese security industry, triggering speculation on how it could have happened. Shanghai police are yet to make any public statement. Cybersecurity experts who have weighed in on the issue expressed concerns about the hack's size and the sensitivity of the stolen information, which includes criminal activity details.

According to the Wall Street Journal, some journalists downloaded the list and called phone numbers to check the validity of the information. Five people verified criminal information only the police could access, while four confirmed their identity before hanging up.

Threat to the crypto world

While hacks of decentralized finance (DeFi) protocols involve the theft of massive sums of money, such as the breaches of Axie Infinity's Ronin bridge and Harmony's Horizon bridge, data leaks are a bigger threat to customers of centralized crypto exchanges. Exchanges are required by law to collect user information to combat money laundering and terrorism financing, and that information could easily be exposed on the dark web in the event of a similar security breach.
