The personal details of more than 100 Australian citizens — including a former federal MP — are among those exposed by a hacker in a huge leak of records stolen from Chinese police authorities.
The hacker is attempting to sell the personal information for 10 bitcoins (about $300,000).
The leaked police reports shed light on treatment of Uyghurs and other minorities. It is believed the data span more than 20 years.
Last week, a hacker claimed in an online forum that they had stolen 1 billion records, mostly belonging to Chinese citizens, in an ongoing bid to sell the information for 10 bitcoins, or almost $300,000.
The reports provide a rare insight into how authorities crack down on political dissent and persecute minorities in China, including Uyghurs and Falun Gong practitioners.
That hacker posted three sample data sets online, amounting to 750,000 individual records.
The ABC called 20 individuals in China who were identified in the leak to confirm the authenticity of the police reports.
Cybersecurity experts and other media have also verified some of the data from the 23-terabyte database.
However, the overall size of the files and the data breach have not been confirmed by Chinese authorities, who remain tight-lipped.
In one Shanghai police file that has 250,000 entries, the ABC found personal details of a former Australian federal MP, who had called police to report a theft from the boot of a car in 2004.
The ABC has contacted the individual but has not received a response.
Dozens of Australian citizens were also identifiable in that data set, along with their passport details, home addresses, birthdays and police reports.
More than half of the Australian records were related to failure to register with local police within 24 hours of their arrival in China, a requirement of China’s Exit and Entry Law, which came into effect in 2013.
In one of her last Facebook posts before she disappeared, Cheng Lei’s thoughts turned to her children in Australia. On the one-year anniversary of her detention, media colleagues are calling for her release.
China’s Cyberspace Administration, Australia’s Department of Foreign Affairs and Trade, the Australian Federal Police and the Australian Cyber Security Centre have all been contacted for comment.
All mentions of the leak were censored on popular Chinese social media platforms Weibo and WeChat.
On Weibo — the Chinese equivalent of Twitter — the Chinese keywords “Shanghai database” and “data breach” have been banned since last week, but posts questioning the authenticity of the database that avoided those key words remain online.
Robert Potter — the co-founder of cybersecurity firm Internet 2.0 — told the ABC he had assessed the data sets and they appeared to be authentic because the records are like other Chinese government data systems he has evaluated in the past.