The now-closed post on the forum specified, “In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many terabytes of data and information on Billions of Chinese citizens. Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID Number, mobile number, all crime/case details.”
According to the individual or group of hackers going by the online username ChinaDan, this data was stolen from Alibaba’s Aliyun private cloud server, which the Shanghai National Police are using to maintain its database. Although neither Alibaba nor the Shanghai police department has confirmed any such incident, the claim by ChinaDan has revived longstanding concerns about the data privacy practices and data security solutions employed by third-party service providers.
It is estimated that the total size of the database is around 24 Terabytes (TB). To back the claim, the individual or the group has also shared three sample datasets containing around 750,000 files from the alleged database. The first dataset allegedly contains a list of delivery addresses, whereas the second set contains details of police call records, and the third set is a mixed list containing information about national IDs, gender, height, criminal records, and other personally identifiable information.
If the database is real, this may well be the biggest-known data breach in China’s history. Back in 2020, an anonymous cybercriminal obtained personal data, including real names, usernames, phone numbers, location, and gender, of more than 538 million user accounts of China’s largest social media platform, Sina Weibo. This massive data dump was reportedly sold on the dark web for just $250.
The Need For On-Chain Privacy Across Web3
As the news of the massive data breach spread, Kenny Li, COO and co-founder of web3 privacy company Manta Network, took to Twitter to underline the need for data privacy and how Web3 can raise the bar. Kenny stresses that the need of the hour is self-sovereign privacy. According to Li, without it, Web3 will also become a victim of regular data breaches, given the transparent record-keeping nature of most on-chain transactions.
While Manta has already rolled out several privacy-focused solutions, Li notes, “No, web3 privacy is not solved. Pseudonymous wallet addresses are not enough. It just means that every user is one dox away from any attacker gaining access to their identity and full on-chain history.”
Li iterates that as more use-cases continue to emerge across the Web3 ecosystem, on-chain privacy won’t be limited to transactions. Still, it will gradually replace Web2, especially regarding users’ on-chain identity. In this context, the wide range of decentralized applications (dApps) is already collecting massive amounts of user data, most of which are publicly available. Without adding a privacy layer to these publicly available user records, anyone with an internet connection can readily access any user’s on-chain history and identity.
Legacy solutions like the Bitcoin network played a key role in furthering the concept of trustless verifiability. However, with the blockchain ecosystem expanding at a much faster pace than expected, these solutions can only help protect users’ privacy to an extent.
Unlike Web2, where users have no control over their personal data, Web3 should include fundamental solutions that give back users total control over their data - how they share it, who they share it with, and how much they share. Kenny concludes, “Without privacy built into web3 on a fundamental level, I see no way for it to scale to 1B+ users. Today, we witness a large-scale exploitation of 1B people. We can't give that power to anyone with an Internet connection. Let's fight for a better web3.”
Built on the Polkadot blockchain ecosystem, Manta Network offers end-to-end data privacy using blockchain-native solutions like zkSNARKs and Groth16 by incorporating an additional privacy layer across all Web3 and DeFi applications. Compared to other existing privacy solutions, Manta is a layer-1 solution.
This means that, unlike layer-2 solutions, the privacy-preserving feature is part of Manta’s core architecture and doesn’t rely on another blockchain, giving users and organizations the ability to better secure (and obfuscate) sensitive data that gets recorded on public ledgers across the blockchain ecosystem.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice