Amid escalating tensions between China and Taiwan, Chinese hackers have allegedly stolen data of nearly six million Taiwanese. The largest data breach in the country's history, Chinese hackers targeted a Taiwanese job bank and sold the data on the dark web as per authorities.
With Taiwan's workforce is around 12 million, it means hackers got away with data of half of the employable citizens. The data breach was detected last week before the country's mid-Autumn festival holidays that began on October 1. The country's information security researchers stumbled upon the data breach after carrying out an in-depth search for illegal transactions on the dark web, which can only be accessed via specific software and configuration.
During the search, authorities found an account named "rootkit" was selling around 35 data sets for $500 to $1,000 for each. After further investigation, officials said that the hackers were from China as they communicated in the dark web forums in simplified Mandarin, claiming that they were able to hack into a popular Taiwanese online job site 104 Job Bank and were willing to sell the data.
'Old Data'
The leaked data included name, date of birth, email ID, applicants' ID number, mobile number and home address of 5,924,397 victims all aged between 20 and 58. However, 104 Job Bank on Monday issued a statement saying that the discovered data set was old and from 2013. But it was carrying out further investigations to understand the total amount of data and if it contained any current information.
The company added that it had informed Taipei's Department of Labor. But many of the old information such as email ID, mobile number and house address don't change for many years, meaning that victims will be vulnerable to further phishing attacks.
However, 104 wasn't the only victim. As per Taiwan's popular forum, PTT, another online job bank, 1111 was also targeted and data of 3.92 million Taiwanese was leaked online. While netizens claimed the data was more detailed and from 2019, 1111 also claimed that it was old that was breached nine years ago. The company said that it has since strengthened its network security. However, it has also set up a fund of 200 million yuan to compensate those whose data was leaked.
Increased Activity of Chinese Hackers
The data breaches are just two of Chinese hackers' recent activities amid escalating tensions between China and Taiwan and also China and the U.S. Interestingly, many data breaches and ransomware attacks in the U.S. and Europe have also been linked to Chinese hacker groups.
In a recent report, Facebook claimed that it had found a sophisticated malware attack that could hijack user accounts and post fake ads. The SilentFade malware secretly accessed browser cookies for session tokens and obtained Facebook login credentials and posted ads on the social media platform for counterfeit goods.
Last month, another Chinese hacker group named APT41 was charged by the U.S. Department of Justice for cyberattacks on American companies. Five members of the group — Zhang Haoran and Tan Dailin, Jiang Lizhi, Qian Chuan, and Fu Qiang — were also named in the court documents.
Apart from the two, another Chinese hacker group was accused of cyberattacks on Coronavirus vaccine research data in Canada, the U.S. and the U.K. American authorities alleged that the hackers were targeting Moderna's vaccine research data.