When asked by another user in the post whether the alleged database is related to the huge alleged leak from the Shanghai public security database last month, the poster replied: “Not directly.”

Hong Kong authorities slam ‘inaccurate’ security audit of Covid risk-exposure app

Shanghai’s health code, or Suishenma, is a programme of QR code developed by the Shanghai Big Data Centre, an agency under the Shanghai Municipal Government, in early 2020, designed to help local authorities manage the Covid-19 outbreak. It classifies a citizen’s risk of spreading the virus by labelling them with three colours of the QR code – red, yellow and green. It has now become a necessary digital tool in the daily lives of Shanghai residents, as they need to present a green code before taking public transport or entering public venues.

A government official from Shanghai’s Big Data Centre said that the agency is only responsible for the development of the programme, and denied the data was leaked from the agency, Chinese newspaper Southern Metropolis Daily reported on Friday. Other government agencies in Shanghai have yet to confirm the leak.

The alleged leak, just a month after what could be the largest ever data leak in the country, has raised concerns about the security of private information in China, where the state has collected huge swathes of data from its citizens for social surveillance and governance purposes.

In late June, a poster from the same community, with the handle name of “ChinaDan”, touted for sale personal information from the city’s police database. It allegedly contained the information of 1 billion Chinese residents, including names, addresses, identification numbers and mobile phone numbers, according to the post which was later removed by forum administrators.

Qihoo 360 says US NSA is behind hacking group that has stolen Chinese data

While Shanghai police did not respond to requests for comment, executives at Alibaba’s cloud unit were summoned by authorities in Shanghai over the hacked data, which was stored on its servers, The Wall Street Journal reported at the time. Alibaba owns the Post.

Chinese netizens rushed to express their concerns over privacy on Friday, with the topic of “officials respond to web site allegedly selling Suishenma data” trending on microblogging platform Weibo. “As Covid-19 develops, almost everyone has applied for a health code. If this is real, the impact is almost unimaginable,” commented a Weibo user going by the name of “Wang Dachui”.

Chinese authorities have previously said the country is a consistent target of overseas hackers. Northwestern Polytechnical University, based in Xian and one of the country’s top schools for national defence research, said in a statement last month that it had been the target of a cyberattack from overseas.

But there have been several data leaks domestically amid a rampant underground market for personal information. In 2020 alone, China investigated 560,000 cases of cybercrime and arrested over 80,000 suspects, including 13,000 involved in personal information infringement and another 2,975 suspects involved in hacking, according to the Ministry of Public Security.