City of Shanghai Health App Hack Affects over 48.5 Million Mandatory Users.

September 30, 2022

INCIDENT

A hacker has claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub's data in just over a month.The hacker with the username as "XJP" posted an offer to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday. The hacker provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people.

The app collects travel data to give people a red, yellow or green rating indicating the likelihood of having the virus and users have to show the code to enter public venues. All residents and visitors have to use it.

Incident Date

August 1, 2022

Location

China

Estimated Cost


No cost values disclosed.

Type of Malware

No Malware identified

Threat Source

No threat source identified