Do you know what causes the most cyber incidents worldwide?
If you've been working in cybersecurity for more than a week, you probably know the answer to this. It's the human element. No matter how hard we push for automation and utilize new technologies, we just can't seem to escape our own flaws.
Verizon's 2022 Data Breach Investigations Report showed that 82% of breaches last year were in part due to human error. This includes things such as phishing, use of stolen credentials, misconfiguration, and simple mistakes.
China now finds itself in the middle of one of the largest data breaches of all time after a government developer wrote a blog post on a popular forum that included the credentials to a police database.
Threat actors were able to get their hands on the data and have posted the 23 terabytes of data for sale on the Dark Web. In total, the leak includes the personal information of roughly one billion Chinese citizens.
Human error causes massive data breach
Chinese billionaire and Binance CEO Zhao Changpeng said earlier this week that Binance's threat intelligence team detected one billion records for sale on the Dark Web. He later shared that a government developer's blog post on the China Software Development Network (CSDN) accidentally included the credentials to a Shanghai police database.
Changpeng also shared that in response to the breach, Binance would be improving its user verification process.
The information in the data leak includes names, addresses, birthplaces, national IDs, phone numbers, and criminal case information of Chinese citizens.
The data was posted to Breach Forums, a well-known site for cybercriminals to buy and sell information, by an anonymous hacker or group of hackers using the name "ChinaDan," according to Threatpost. In the post, ChinaDan claimed to have downloaded the data from a cloud storage server hosted by Alibaba.
The seller was asking for 10 Bitcoin, roughly $200,000 at the time, for the entire data set.
This breach is a prime example of how the human element in cybersecurity can never be overlooked. Craig Lurey, CTO and co-founder of Keeper Security, spoke with Threatpost and shared his reaction to the data leak:
"This is the end result of a catastrophic failure to implement basic password management and secrets management. Secrets such as database credentials should never be hard-coded into source code, which is what caused the breach."
Lurey added that enterprise password managers allow organizations to establish strict, deliberate role-based access control (RBAC), along with privileged access to infrastructure, to protect sensitive data and secrets.
Chinese officials have not publicly commented on this incident.
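The failure described above, credentials pasted into a code snippet in a public post, can be caught before publication. The following is an added example, not code from the article or from anyone quoted in it: a small check that scans a draft for credential literals and connection URIs with inline passwords. The draft text, host names, key values, patterns and entropy threshold are all constructed assumptions.

```python
import math
import re

# Credential-like name assigned to a quoted literal, e.g. password = "..."
ASSIGNMENT = re.compile(
    r"""\b([\w.-]*(?:passw(?:or)?d|pwd|secret|token|access_?key|api_?key)[\w.-]*)
        \s*[:=]\s*["']([^"']{6,})["']""", re.I | re.X)
# Connection URI carrying inline credentials: scheme://user:password@host
URI_CREDS = re.compile(r"\b([a-z][a-z0-9+.-]*)://[^\s:/@]+:([^\s@/]{3,})@[^\s/]+", re.I)
# Values that are obviously documentation placeholders, not live secrets
PLACEHOLDER = re.compile(r"^(<.*>|\$\{.*\}|x+|\*+|changeme|your[_-].*|example.*)$", re.I)
MIN_ENTROPY = 3.0  # bits per character; assumed threshold for "looks random"

def entropy(s):
    """Shannon entropy of the string, in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan(text):
    """Return (line number, rule, name) findings; the secret itself is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            if not PLACEHOLDER.match(value) and entropy(value) >= MIN_ENTROPY:
                findings.append((lineno, "hardcoded-assignment", m.group(1)))
        for m in URI_CREDS.finditer(line):
            if not PLACEHOLDER.match(m.group(2)):
                findings.append((lineno, "uri-credentials", m.group(1)))
    return findings

# Constructed draft post: lines 4 and 5 leak secrets, lines 9 and 10 are safe forms.
DRAFT = '''\
Here is how our service connects to the storage backend:

    endpoint = "https://db.example.internal:9200"
    access_key_secret = "q7Zt2LmX9vB4cR8nK1pW5sY3"
    dsn = "postgresql://report_user:Wm4xT9qLc2@db.example.internal/cases"

The same snippet with the secret read from the environment at runtime:

    access_key_secret = os.environ["ACCESS_KEY_SECRET"]
    password = "<your-password>"
'''

if __name__ == "__main__":
    for lineno, rule, name in scan(DRAFT):
        print(f"draft line {lineno}: {rule} ({name}) - remove before publishing")
```

Pattern matching of this kind only catches secrets in recognisable shapes; a credential that has already been published still has to be rotated.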