Karen Hao
Jul 6, 2022, 11 tweets
The Shanghai police data heist grows more insane: Experts say the database of nearly 1b Chinese citizens was not hacked—it simply had no password, allowing the thief to waltz in, wipe the data & leave a ransom note: "contact_for_your_data…recovery10btc." wsj.com/articles/china…
I spoke to two cybersecurity experts @vinnytroia & @MayhemDayOne who both run cybersecurity services that regularly scan the web for unsecured databases. They each discovered this database at different points earlier this year but didn't immediately realize what it was.
After the recent news about the leak, they went back through their notes and found an exact match to the description of the database that a user on a cybercrime forum is now selling—for the same price tag as the ransom amount: 10BTC.
Their notes show that while the database itself was protected on a private server, a dashboard for managing and accessing the data was set up on a public web address and left open without a password.
It effectively created an open door to the data vault, allowing anyone who stumbled upon it to export and edit the data unencumbered.

That door stayed open for over a year, from April 2021 all the way until mid-June 2022, when a thief used it to wipe all the data for a ransom.
And even then—after the data went *missing*—the door continued to stay open for another ~2 weeks, until the vulnerability started getting widespread attention.
Troia says it's likely the same entity that took the data and is now peddling it. “What’s pretty common is if the ransom victim doesn’t pay the ransom, then they’ll try to sell the data off online,” he says.
These kinds of vulnerabilities are extremely common—but both Troia & Diachenko say this one is particularly unique for the sheer amount of data left unsecured. Troia called it "insane." Diachenko said he's never encountered anything larger than this one.
These new details put to rest another rumor that was gaining traction that the vulnerability could have been caused by a 2020 technical blog post that appeared to have inadvertently published the credentials to a Shanghai police server.
Troia & Diachenko point out that there were no credentials necessary to access this data, making the speculation unlikely.
If you missed it, you can read our first story here. wsj.com/articles/vast-…
