Cyberlands.io - API Penetration Testing

Top 14 Cybersecurity Breaches in China

Learn about the state of cybersecurity in China and the 14 biggest breaches in the country.
Organizations in China span a whole range of industries, including finance and banking, eCommerce, IT, healthcare, tourism and manufacturing. Regardless of their size and line of business, these enterprises process and store petabytes of sensitive data (customer records, banking information, proprietary technology, etc.) that has always been a tempting target for hackers and criminals.

According to Surfshark's data breach statistics, about 12.9 million Chinese user accounts were exposed in breaches in 2021, compared with 212.4 million in the US, 156.1 million in Iran and 86.6 million in India, which suggests the country has significantly strengthened its digital security. By this measure China now sits in the same range as Italy, Germany, Spain, the UAE and Australia, which is notable given the country's size and the number of companies operating in it. Keep in mind that these figures count leaked accounts recorded by a third party, not incidents, so they say more about where breached data turns up than about how well any particular company is defended.

The comparatively strong security posture of organizations in China is also explained by a clear regulatory focus on five major components: three laws and two add-on frameworks:

  • Cybersecurity Law (CSL), effective June 1, 2017: establishes a universal regulatory regime for cybersecurity and data protection in China.
  • Multi-level Protection Scheme (MLPS), in its current form effective December 1, 2019: a graded cybersecurity compliance standard that must be applied by all domestic and foreign network operators in China.
  • Critical Information Infrastructure (CII) security regulations, updated in October 2021: protect network facilities and information systems whose compromise could harm national security, the national economy, people's livelihoods or the public interest.
  • Data Security Law (DSL), effective September 1, 2021: covers any data that, if leaked, could affect China's national, economic or public security, public health or social stability.
  • Personal Information Protection Law (PIPL), effective November 1, 2021: governs the processing of personal information, i.e. any data that identifies a person, such as name, address, date of birth, ID number, phone number or biometrics.

The scope and revision frequency of these regulations make it clear that China is investing heavily in national cybersecurity. Even so, as breaches grow in number and complexity, China-based companies, like their overseas counterparts, still regularly fall victim to cyberattacks and data leaks.

In this article, cyberlands.io experts review the most notable digital-security incidents in China, covering their causes and outcomes, so that you can draw insights about the strategies attackers use, the vulnerabilities they exploit and the data they target, as well as how to protect your own enterprise from cybercriminals.
#1 Alipay Uncovers a Massive Data Leakage of Personal Information
China's largest third-party payment platform revealed a massive data leak in January 2014 that exposed sensitive information. According to the official statements, the leaked data consisted of transaction records dated before 2010.

Upon discovering the incident, Alipay immediately informed the affected parties and Chinese regulators and launched an internal investigation to establish the details. The company stressed that the leak did not affect users' login credentials, which it said are stored using a "sophisticated method that is not available to anyone".
#2 Cathay Pacific Suffers a Significant Data Breach: 9.4 Million Customers Affected
In October 2018, Hong Kong-based Cathay Pacific Airways announced that an internal system storing the personal data of about 9.4 million passengers had been breached by attackers.

Suspicious activity on the network had first been noticed in March 2018. The investigation found that the attackers had accessed passenger personal data (including names, contact details and passport or ID numbers), frequent-flyer membership details, customer service remarks and historical travel information. They also accessed 403 expired credit card numbers and 27 credit card numbers without CVV codes; no CVV data was exposed.

After the discovery, the company notified the affected customers, advised those whose card numbers were accessed to request replacement cards, and announced measures to strengthen system security.
#3 WeChat and QQ's 364 Million Chinese Users' Data Leaked Online
The incident came to light in March 2019, though it was not confirmed for some time after it was first reported. The exposed records, drawn from the popular Chinese messaging services QQ and WeChat, contained various kinds of user data, including Chinese citizen ID numbers, user photos, addresses, GPS location data and the content of personal messages.

As the Financial Times reported, the identities and other personal data of roughly 300 million Chinese users could be read by anyone who entered the database server's IP address: the database was exposed to the internet without any authentication.

The investigation by Dutch security researcher Victor Gevers (GDI Foundation), who discovered the database, found that once records were collected they were being distributed to 17 other servers. Unconfirmed indications suggested the records related to users who evade censorship in China and were regularly forwarded to police stations in different regions across the country.
#4 Hacker Selling Data of 538 Million Weibo Users
After a breach in mid-2019, the personal details of over 538 million users of the Chinese social network Weibo were put up for sale online in March 2020. The attacker had obtained a dump of the company's user database containing real names, site usernames, gender, location and phone numbers, and was selling it for profit.

Passwords were not included, which explains the comparatively low asking price: the hacker offered the Weibo data for just $250.

In its statement, Weibo said that user passwords are not stored in plaintext, so users had nothing to worry about. However, the company did not explain how the attacker obtained personal data that evidently came from an SQL database dump, nor how the hacker obtained non-public fields such as gender and location, which are not returned by the API when matching contacts.
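The contact-matching API mentioned above is the classic enumeration surface: an attacker uploads generated phone lists and collects whatever the endpoint returns. The following is an added example, not code from the article or from Weibo, showing a leaky contact-matching handler beside a hardened one (bounded batch, per-client sliding-window quota, opt-in discoverability, minimal response fields) and a detector that flags enumeration in access logs. The user table, client IDs and log lines are constructed sample data, and the log format is assumed.

```python
# Added example (not from the article or from Weibo): a contact-matching
# endpoint in its leaky form next to a hardened form, plus a log detector.
import time
from collections import defaultdict, deque

# Constructed sample user table (phone -> stored profile); a real service
# would keep this in a database.
USERS = {
    "+8613800000001": {"uid": 1001, "name": "Ann", "gender": "f",
                       "city": "Shanghai", "discoverable": True},
    "+8613800000002": {"uid": 1002, "name": "Bo", "gender": "m",
                       "city": "Beijing", "discoverable": False},
    "+8613800000003": {"uid": 1003, "name": "Cai", "gender": "m",
                       "city": "Xi'an", "discoverable": True},
}


def match_contacts_leaky(phones):
    """Leaky design: unbounded batch, no per-client quota, ignores user
    preferences and returns the whole stored record, so anyone who feeds
    in a generated list of numbers harvests name, gender and city at scale."""
    return [dict(USERS[p], phone=p) for p in phones if p in USERS]


class ContactMatcher:
    """Hardened design: bounded batch size, per-client sliding-window quota,
    opt-in discoverability and a minimal response shape."""
    MAX_BATCH = 200      # numbers per request
    QUOTA = 1000         # numbers a client may look up per window
    WINDOW = 3600.0      # window length in seconds

    def __init__(self, clock=time.monotonic):
        self._clock = clock                 # injectable for tests
        self._usage = defaultdict(deque)    # client -> deque of (ts, count)

    def _spent(self, client, now):
        q = self._usage[client]
        while q and now - q[0][0] > self.WINDOW:
            q.popleft()                     # drop entries outside the window
        return sum(n for _, n in q)

    def match(self, client, phones):
        if len(phones) > self.MAX_BATCH:
            raise ValueError("batch too large")
        now = self._clock()
        if self._spent(client, now) + len(phones) > self.QUOTA:
            raise PermissionError("lookup quota exceeded")
        self._usage[client].append((now, len(phones)))
        # Only opted-in users, and only the fields a contact suggestion needs.
        return [{"uid": USERS[p]["uid"], "name": USERS[p]["name"]}
                for p in phones if p in USERS and USERS[p]["discoverable"]]


def flag_enumerators(log_lines, threshold=1000, window=3600):
    """Detection side: parse constructed access-log lines of the (assumed)
    form '<unix_ts> <client_id> <path> <n_phones>' and return the clients
    whose looked-up numbers exceed `threshold` within any `window` seconds."""
    events = defaultdict(list)
    for line in log_lines:
        ts, client, path, n = line.split()
        if path == "/contacts/match":
            events[client].append((float(ts), int(n)))
    flagged = set()
    for client, evs in events.items():
        evs.sort()
        recent, total = deque(), 0
        for ts, n in evs:
            recent.append((ts, n))
            total += n
            while recent and ts - recent[0][0] > window:
                total -= recent.popleft()[1]
            if total > threshold:
                flagged.add(client)
                break
    return sorted(flagged)


# Constructed sample log: one ordinary client, one scraper, one unrelated path.
SAMPLE_LOG = [
    "1700000000 app-user-1 /contacts/match 120",
    "1700000300 app-user-1 /contacts/match 80",
    "1700000000 scraper-7 /contacts/match 200",
    "1700000060 scraper-7 /contacts/match 200",
    "1700000120 scraper-7 /contacts/match 200",
    "1700000180 scraper-7 /contacts/match 200",
    "1700000240 scraper-7 /contacts/match 200",
    "1700000300 scraper-7 /contacts/match 200",
    "1700000400 app-user-2 /profile 1",
]

if __name__ == "__main__":
    print(match_contacts_leaky(list(USERS)))
    print(ContactMatcher().match("demo", list(USERS)))
    print(flag_enumerators(SAMPLE_LOG))   # ['scraper-7']
```

The quota is deliberately counted in phone numbers rather than requests, because an attacker who is rate-limited per request simply sends the maximum batch every time. The detector applies the same arithmetic to historical logs, which is how you find the scraper that operated before the quota existed.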
#5 Zhenhua Data Leak Reveals Scraping the Data of Over 2.4 Million People
In September 2020, a consortium of media outlets uncovered a massive scraping operation collecting personal data from social media sites and other public platforms. According to the reports, Zhenhua Data, a Chinese company with links to Beijing's military and intelligence networks, had compiled a database of detailed information on over 2.4 million people across the globe.

Notably, the database covered influential individuals and institutions, including politicians, celebrities, royal families and military figures.

Independent analysis concluded that the primary purpose of the collection was "to provide grist for the Chinese Communist Party's information operations", though Zhenhua itself denied any wrongdoing, describing the work as "research performed for private organizations and business groups".
#6 Chinese Startup SocialArks Leaked 318 Million Private Records
In January 2021, a massive leak of over 400GB of personally identifiable information (PII) was traced to SocialArks, a Chinese social media management startup. The data had been scraped from popular social networks, including Facebook, Instagram and LinkedIn, and affected over 214 million users worldwide. The exposed information included phone numbers and email addresses, profile pictures, follower counts, Messenger IDs and the usernames of linked accounts on other social networks.

The investigation confirmed that the scraping was unethical and violated the policies of all the affected social networks. Moreover, the leak exposed personal data of users who had never made such information public on their profiles.

Although SocialArks never commented on the incident, it secured the database after being notified. The data had been sitting in an Elasticsearch instance left accessible without a password.
#7 Alibaba Data Breach Exposed 1.1 Billion Pieces of User Data
Usernames, mobile numbers and other personal data were exposed when the Chinese eCommerce platform Taobao, owned by Alibaba, was scraped over a period of months; the case became public in June 2021. According to officials, a developer and his employer harvested 1.1 billion pieces of user data with a crawler and were later sentenced to over three years in prison each and fined $49,650 and $14,200 respectively for compromising citizens' personal information.

The scraping was only detected months after it began. Alibaba reported it to the authorities straight away, which helped trace the perpetrators and supported the overall investigation.
#8 Harbour Plaza Hotel Informs About a Massive Data Leakage of 1.2 Million Clients
In December 2021, Harbour Plaza Hotel Management (HPHM) notified its customers of a major data security incident affecting some of its internal systems. Once the breach was discovered, the company launched an investigation to determine its scope and details. According to the official statement, the attackers may have gained access to some of the hotels' accommodation reservation databases, but it remained unclear exactly what data had leaked.

Company representatives issued specific recommendations to customers: check for unauthorized transactions and suspicious email logins, and change passwords.
#9 Northwestern Polytechnical University Reported a Major Attack on Its Email System
Northwestern Polytechnical University, one of China's leading aviation and aerospace universities, reported in June 2022 that its email system had come under attack. Chinese authorities later attributed the intrusion to the US National Security Agency (NSA), and the Chinese Foreign Ministry lodged an official protest.

An official police statement released by the Beilin Public Security Bureau in Xi'an said the attackers used phishing emails carrying hidden Trojan malware. By harvesting email login details, the attackers gained access to scientific evaluation records, thesis defense materials and information on foreign travel.

The investigation further attributed the attack to Tailored Access Operations (TAO), which it described as the NSA's largest offensive division, tasked with covertly gaining access to the internal information and critical infrastructure of foreign targets.
#10 Didi Was Fined $1.2 Billion Over Significant Data Security Violations
In July 2022, the Cyberspace Administration of China (CAC) fined Beijing-based ride-hailing company Didi $1.2 billion (8.026 billion yuan). The year-long investigation that preceded the fine had already driven a sharp fall in the company's share price and its delisting from the New York Stock Exchange in June 2022.

According to CAC, Didi violated the CSL, the DSL and the PIPL: the company had collected excessive user information since 2015 and processed it in ways that could undermine national security and data security.

The fine amounts to over 4% of the company's annual revenue and was not the only penalty: CAC also fined Didi's founder and its president 1 million yuan (about $148,000) each over the violations.
#11 Unprecedented Data Leakage Affected Over 1 Billion Users
Another major incident in July 2022 involved a database of the Shanghai police: a hacker offered for sale records on almost 1 billion Chinese citizens, containing names, phone numbers, government ID numbers and police reports. Believed to be the largest leak of government data in China's history, the dump was offered for 10 bitcoin, about $200,000 at the time.

Researchers traced the leak to a management dashboard for the database that had reportedly been left accessible from the internet, with no authentication in front of it, for over a year. The Shanghai authorities did not comment publicly on the incident.
#12 Chinese Database Storing Faces and Vehicle License Plates Reported a Breach
In August 2022, Hangzhou-based Xinai Electronics, which builds access-control systems for people and vehicles, was found to have exposed over 800 million records, the second such large-scale exposure in China that year. The leaked database held a huge volume of records together with the full URLs of image files hosted on Xinai's domains: construction workers entering building sites, office visitors checking in, vehicle license plates, and other personal information that is strictly protected under China's PIPL.

The exposure was inadvertent, the result of human error, and closely resembles the Shanghai incident described above: Xinai's database was left on the internet unencrypted and without a password.
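The WeChat/QQ, SocialArks, Shanghai police and Xinai cases above share one root cause: a datastore listening on a public interface with authentication switched off. The following is an added example, not code from the article or from any company named in it, of a small audit script that flattens mongod.conf / elasticsearch.yml style files into dotted keys and flags exactly that combination. The four configs are constructed sample input, the parser handles only the flat-mapping subset of YAML these files normally use (no lists or quoted values), and the default values it assumes are the products' documented defaults (mongod binds 127.0.0.1 with authorization disabled; Elasticsearch binds the loopback alias _local_).

```python
# Added example (not from the article or from any company named in it): a
# linter that flags datastores reachable beyond loopback without auth.

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}


def parse_simple_yaml(text):
    """Flatten the YAML subset these files normally use (indented mappings,
    scalar values, dotted keys, '#' comments) into {'a.b': 'value'}.
    Assumption: no lists, quoted strings or multi-line values."""
    result, stack = {}, []   # stack holds (indent, key) of open mappings
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()              # leave mappings at this indent or deeper
        full = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            result[full] = value.strip()
        else:
            stack.append((indent, key.strip()))   # a nested mapping opens
    return result


def bound_publicly(hosts):
    """True if any comma-separated bind address is not a loopback alias."""
    return any(h.strip() not in LOOPBACK for h in hosts.split(","))


def audit(config_text, kind):
    """Return a list of finding strings for a 'mongodb' or 'elasticsearch'
    config. Missing keys fall back to the product's documented default."""
    c = parse_simple_yaml(config_text)
    findings = []
    if kind == "mongodb":
        public = (c.get("net.bindIpAll") == "true"
                  or bound_publicly(c.get("net.bindIp", "127.0.0.1")))
        if public and c.get("security.authorization", "disabled") != "enabled":
            findings.append("mongod reachable beyond loopback with "
                            "security.authorization not enabled")
    elif kind == "elasticsearch":
        public = bound_publicly(c.get("network.host", "_local_"))
        if public and c.get("xpack.security.enabled") != "true":
            findings.append("elasticsearch reachable beyond loopback without "
                            "xpack.security.enabled: true (verify the "
                            "version default if the key is absent)")
    else:
        raise ValueError("unknown kind: %s" % kind)
    return findings


# Constructed sample configs: the exposed pattern beside a corrected one.
EXPOSED_MONGO = """\
net:
  bindIp: 0.0.0.0      # every interface
  port: 27017
security:
  authorization: disabled
"""

HARDENED_MONGO = """\
net:
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the app subnet address
  port: 27017
security:
  authorization: enabled
"""

EXPOSED_ES = """\
cluster.name: plates
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

HARDENED_ES = """\
cluster.name: plates
network.host: 10.0.0.5
http.port: 9200
xpack.security.enabled: true
"""

if __name__ == "__main__":
    for name, text, kind in [("exposed mongod", EXPOSED_MONGO, "mongodb"),
                             ("hardened mongod", HARDENED_MONGO, "mongodb"),
                             ("exposed es", EXPOSED_ES, "elasticsearch"),
                             ("hardened es", HARDENED_ES, "elasticsearch")]:
        print(name, audit(text, kind) or "ok")
```

Run it against the config files pulled from a host (or fed in through configuration management) before the instance goes live; the check is deliberately conservative, treating any non-loopback bind without an explicit authentication setting as a finding, because "accessible on the LAN" turns into "accessible on the internet" the moment a firewall rule or cloud security group changes.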
#13 Personal Data of 48.5 Million Users from Shanghai's COVID App Offered for Sale
In mid-August 2022, a hacker using the handle "XJP" offered to sell personal information obtained from Shanghai's COVID health code mobile app (Suishenma) for $4,000. It was the second claimed breach of data from China's financial hub in just over a month.

As proof, the seller posted a sample containing the names, phone numbers, Chinese ID numbers and health code status of 47 people; 11 of them confirmed to reporters that the details were accurate. The data is managed by the city government, and users access the app through Alipay and WeChat.

The Shanghai government has not commented on the incident.
#14 TikTok Breach Claim Alleges Over 2 Billion User Records
On September 6, 2022, a hacking group claimed to have breached TikTok, the Chinese-owned short-video app, and posted samples of what it said were database records covering nearly 2 billion users. TikTok disputed the claim, stating that its security team had investigated and found no evidence of a breach of its systems, and that the code in question was unrelated to TikTok's backend.

Nevertheless, some security experts tweeted advice to change TikTok passwords and enable two-factor authentication as a precaution against unauthorized activity on personal accounts. Analysts who examined the sample suggested it had been taken from an insecure server holding TikTok-related data, though the data's true origin was not established.

TikTok's security team said it was continuing to investigate the claims.
Final Words
As you can see, even countries with an extensive focus on cyber safety, such as China, cannot be 100% protected from breaches. Still, continually learning from other companies' experience and tracking the latest strategies criminals use will help enterprises improve their digital security and reduce the chance of unauthorized access, data leakage and other incidents.

Looking for ways to strengthen your company's security, or need a pentest report or a comprehensive security audit to eliminate existing vulnerabilities? Contact the CyberLands team for professional assistance in any security-related field. Our cybersecurity specialists have years of experience dealing with incidents of every type, scope and complexity, and are always here to help!
Cyberlands.io Team