A hacking forum user recently posted more than a million pieces of personal information that allegedly comes from some of China’s biggest financial institutions. The data, published on RaidForums, includes names, monthly incomes, ID cards, addresses, and phone numbers.
A couple banks are already denying the authenticity of the data. Industrial Bank told local media outlet 21st Century Business Herald on Tuesday that the data does not match their customer list, and it wouldn’t exclude the possibility that the information is forged. Ping An Insurance also said the data is forged. And the Agricultural Bank of China said it was investigating the claims.
But a RaidForums staff member told Abacus they believe “the data he is selling is real as he has sold it to many happy customers.” The person added that the forum has nothing to do with the sale and doesn’t profit from it.
On its Facebook page, though, RaidForums boasts about its dedication to leaked data. The forum describes itself as a place for “Twitch raiding and the 4chan community.” It adds that it likes to “dump databases from hacked websites and light up your day with cancer.”
Other financial institutions listed in the two posts from the person selling the data include Shanghai Pudong Development Bank and China Merchants Bank. And in addition to Ping An, major insurance companies AIA Group and China Life are mentioned, too.
The user also claims to be offering data from “China Air” (possibly a reference to Air China), the national primary and secondary school teacher database, a local mother and baby forum (including the ages of the babies), and a database of 200 Chinese CEOs.
Chinese users are hardly the first ones to have their info show up on this forum. The UK’s Financial Conduct Authority warned in January that some of its data was found on RaidForums. And Vietnam News Agency reported this month that 41 million local Facebook accounts were posted on the site.
Data leaks are an ongoing concern in China. Last November, 468 million pieces of personal data were leaked from financial lending databases. A year before, local hotel group Huazhu discovered that information on 130 million of their clients was for sale on the dark web for 8 bitcoins (then worth USD 56,000), making it one of the largest data breaches in the country.
The leaks have made Chinese internet users concerned about their personal privacy. Local regulators have gotten involved too, with some app makers being reprimanded last year for collecting too much data.
This article first appeared in Abacus News.