According to Liberty Times Net, a hacker claims to have obtained the personal information of 48.5 million users of a COVID-19 health QR code app operating in Shanghai, China.
For the second time in over a month, hackers have gained access to the Shanghai database.
On Wednesday, a hacker who goes by the username XJP posted on Breach Forums that the data is for sale for $4,000.
The hacker provided a data sample, including the phone numbers, names, Chinese ID numbers, and health code status of 47 people.
Reuters contacted 11 of the 47 people, who confirmed that their information was indeed among them, but two said their ID numbers were incorrect.
Shanghai QR Code (called Suishenma) is the Chinese name for Shanghai’s health code system, established in early 2020 to combat the spread of COVID-19. It is mandatory for all residents and tourists in Shanghai, which has a population of 25 million.
The Shanghai Suishencode app collects traveler data and gives people a red, yellow, or green rating indicating the likelihood of contracting the virus. Users must show the code to enter public places.
The Shanghai Suishen code contains information about everyone who lives in or has visited Shanghai. Hacker XJP said in a post that the initial price was $4,850. It was sold for a lower price later in the day.
It is known that the city authorities manage the data and users access Suishen codes through Alipay, owned by fintech giant Alibaba subsidiary Ant Group, and WeChat apps, owned by Tencent Holdings.’
According to Reuters, XJP, Shanghai authorities, Ant Group, and Tencent did not immediately respond to requests for comment.