What are the implications of this leak? How did leak of this magnitude stay on the internet for an entire year without anyone noticing? How was there no heightened network security measures despite occurance of numerous past leaks in China, especially considering this is the police force for one of the biggest and most developed cities gobally?People found that blog today (check the archive record), probably someone google searched the hostname provided in the breached selling forum and happened to find this credential floating on the web. It is entirely possible the hackers used another method or credentials to access the data. Regardless even with the credentials someone had to have internal network access to dump the entire database.
The data allegedly contains the ID number/name and basic info on every person in China (1.4 billion) which is entirely possible for Shanghai police dept to have. The ID/name/addresses were also confirmed by cross-referencing other leaked chinese databases.
The data allegedly also contains the police records of all the cases in Shanghai from 1949-2021? The sample leaks shows some and this is really embarrassing stuff.
There are no photos in the leak, but the json files gave the internal links to the photos. The hackers know transferring all the photos is way too much, just the text data is 23 TB.
Like many others on the internet, I think it is real but the seller has a political motive. 10 BTC for a 23TB leak of that sensitive info is way too less, China will hunt this guy for life. It was also released on Jun 30th (right before July 1st CPC birthday), even though the data was dumped in 2021 (nothing from 2022 showed up in the sample data). Historically nasty things have a habit of showing up before CPC party congresses.