A huge online database containing what appears to be the personal information of up to 1 billion Chinese citizens has remained insecurely accessible to the general public for more than a year, prompting an anonymous user on a hacker forum to offer to sell the data. The offer attracted wider attention last week.

Cybersecurity experts say the incident could be one of the largest leaks ever reported, highlighting the dangers of collecting and storing vast amounts of sensitive personal data online, especially in a country where authorities have extensive and unchecked access to that data.

According to LeakIX, which discovers and indexes public online databases, this massive amount of Chinese personal data has been publicly accessible since at least April 2021 through an insecure backlink (a short web address that provides unlimited access to anyone familiar with it).

Access to the database, which did not require a password, was closed after an anonymous user announced the sale of more than 23 terabytes of data for 10 bitcoins (nearly $200,000) in a post on a hacker forum last Thursday.

The user claimed that the database was compiled by the Shanghai police and contained sensitive information about one billion Chinese citizens, including their names, addresses, mobile phone numbers, national identification numbers, age and place of birth, and billions of entries for phone calls to the police reporting civil disputes and crimes.

The seller also claimed that the unsecured database was hosted on the cloud computing systems of a subsidiary of Chinese e-commerce giant Alibaba.