A hacker claims to have obtained the personal information of 48.5 million users of the city of Shanghai’s COVID health code mobile app, the second claim of a data breach in the Chinese financial hub in less than a month.
On Wednesday, a hacker going by the handle ‘XJP’ offered to sell the data for $4,000 on the hacker forum Breach Forums.
The hacker provided a sample of the data, which included 47 people’s phone numbers, names, Chinese identification numbers, and health code status.
Eleven of the 47 people contacted by ‘Reuters’ confirmed their inclusion in the sample, though two said their identification numbers were incorrect.
‘This DB (database) contains everyone who has lived in or visited Shanghai since Suishenma’s adoption,’ XJP wrote in the post, which initially requested $4,850 before lowering the price later in the day.
Suishenma is the Chinese name for Shanghai’s health code system, which the 25-million-person city, like many others in China, implemented in early 2020 to combat the spread of COVID-19. It must be used by all residents and visitors.