The data of SF’s 300 million customers is suspected to have been leaked. In a reporter's check, 17 of the 20 entries were SF customers.

According to the official WeChat account of "Red Star News" on September 1, Red Star News recently received a tip that someone on the Chinese forum of the dark web was selling data relating to SF Express and Logistics, in a post entitled "Exclusive Data of 300 million SF Express Logistics".

Screenshot of the dark web trading market page

From the 100,000 records of inspection data provided by the informant, the Red Star reporter randomly called more than 10 people and found that the phone numbers, names and addresses were all real, and that the phone owners had indeed used SF Express to send and receive items.

In this regard, Li Tiejun, a network security expert, told the Red Star reporter that it still needs to be confirmed whether the information on the dark web is true or false, and whether the data is recent or was leaked earlier and compiled afterwards.

At present, SF says it reported the matter to the police at the first opportunity; the police have not yet announced any progress on the incident.

Registered on the dark web for a month and a half

More than 100 sale posts published in total

The informant told the Red Star reporter that he had logged into the Chinese forum of the dark web and found the site's trading area. Under the category "data and intelligence", a user with the ID "bijiaodiao1688" published a post titled "exclusive data of 300 million express logistics in SF Express" at 5:14 pm on July 18th.

Screenshot of the sale post's web page

In the post, the seller "bijiaodiao1688" emphasized that "the data that can be sold this time is the exclusive data of SF Express Logistics", and said that the data totaled 300 million records, including the name, address and telephone number of the sender, at a price of 2 bitcoins (about 96,000 yuan at the price on August 28).

In the post, "bijiaodiao1688" states that a buyer can pay 0.01 bitcoin (about 480 yuan at the price on August 28th) to inspect 100,000 records. The post also specifically states that each person's data is randomly selected from the 300 million records, and that no two people's data will be completely identical.

As of August 28th, the post listed the number of data sold as 100 and the number of transactions as 9. Because of how the dark web site is set up, the chat records between the seller "bijiaodiao1688" and buyers cannot be seen; all that is visible is that the poster's last login was recent.

According to the webpage, "bijiaodiao1688" registered on the morning of July 11th. In just over a month, the account has published more than 100 posts, most of them offering various kinds of information for sale.

On July 31st, "bijiaodiao1688" published a post titled "SF 2017 Leak". In the post, "bijiaodiao1688" said that the data on sale was SF data from 2017 and once again emphasized its exclusivity. This time, 0.5 bitcoin buys 20 million records; the seller also promises that the data is part of the 300 million records and that 0.5 bitcoin is a buyout price, "never sell it to others". The post lists the number of data sold as 30, the price as 0.1 bitcoin, and the number of transactions as 3.

According to the trading rules of the dark web site, everything on the site is settled in bitcoin, and bitcoin can be split into units as small as 0.01. "This is to reduce the information asymmetry between the two parties. If the buyer finds it is not true after inspection, a complaint can be filed within three days."

An industry insider, who asked not to be named, told the Red Star reporter that the dark web site uses a delayed settlement model similar to Alipay's. If no complaint is made within three days of the purchased goods being received, the transaction is considered complete and the site releases the bitcoin to the seller.

Random checks confirm that the information of more than ten people is true

Expert: Does it need a lot of verification?

Li Tiejun, a network security expert, told the Red Star News reporter that the dark web is shielded from search engines, so its websites cannot be found by ordinary people through search engines, and illegal or even suspected criminal material is sold there.

The Red Star reporter saw from the screenshots of relevant pages provided by the whistleblower that the same forum carried many other posts selling data, such as Huazhu hotel check-in data, Zhejiang student status records, first-hand data on 180,000 shareholders, university teacher data, and 1 million real-name ID numbers and names, all on sale at the same time. Regarding the suspected leak of the Huazhu hotel check-in data, Huazhu Group has said that it is cooperating with the police investigation and has promised to inform the public of the results as soon as possible.

The informant contacted "bijiaodiao1688" as a buyer. After 0.01 bitcoin was paid, "bijiaodiao1688" sent a network disk address with an extremely complicated password, and said, "Please confirm it, and we will follow up on your needs later".

The network disk address points to a file named "10w1". The listed count is 100,000 records, but the file actually contains 97,624. The leaked customer information covers the whole country and includes each person's name, telephone number and very detailed address. For example, "Xu X, 138XXXX8460, No.1×4, XX Avenue, Majiadian Street, Zhijiang City, Yichang City, Hubei Province", "Xie Xli, 131XXXX1875, A1X3, XX Community, No.121, XX Road, Hedong District, Sanya City, Hainan Province" and so on.

Li Tiejun is cautious about this. He reminded the Red Star reporter that whether information on the dark web is true or false needs to be verified. Li Tiejun said that, in general, a sample of the data on sale is verified. "If there are 300 million pieces of data, there should be at least 30,000 pieces of data to verify." In addition, it needs to be confirmed whether the data is recent or was leaked earlier and compiled afterwards.

Soon afterwards, Red Star reporters randomly called 20 of the people listed. For 17 of them, the name, phone number and address matched the contents of the file, and they had also used SF Express to send and receive parcels; 3 of them did not give the reporter a clear answer.

On the morning of September 1st, @SF Group responded on Weibo that the company had reported the matter to the police at the first opportunity, and that cross-verification by technical means showed the data sold on the dark web was not SF data. In addition, the data sold on the dark web does not contain logistics-specific information such as express waybill numbers, consigned items, or receiving and dispatching times; its source is unknown, and the purpose of selling it under SF's name is suspicious. Because of its strong anonymity, the dark web has become a hotbed for the black market and criminal proceeds and carries great hidden dangers and risks; everyone must pay attention to prevention and identification.

What is the dark web? The Internet's dark zone

Anonymity and encryption make it difficult for the police to verify

According to several media reports, in mid-November 2016 the Netan Corps of the Beijing Public Security Bureau for the first time successfully broke up a group that used Internet media such as the "dark web" to spread pornographic information about children, and arrested eight suspects. This became the first case in China of crimes committed using the overseas dark web.

According to public information, the dark web is a subset of the deep web and makes up only a small part of it. It refers to the collection of resources that are stored in network databases and cannot be reached through hyperlinks but must be accessed through dynamic web technology; it is not part of the surface web that standard search engines can index.

Li Tiejun told the Red Star reporter that basically everything sold and discussed on the dark web is illegal and is not permitted by the laws of any country. All kinds of bad things, such as human trafficking and pornography, are found on the dark web; the darkest places on the Internet are all there, which is why it is called the dark web.

"Dark web sites are anonymous in every respect, from setting up the communication website to applying for the domain name, and various encryption methods are used throughout the communication process, so they are difficult to track. Dark web transactions use bitcoin, which makes it easy to hide yourself. At the same time, as for who published the post and who received the money, even if the matter is reported to the police, it is very difficult for the police to verify it. They don’t know which country is in charge, and it is very difficult for Interpol to track them," Li Tiejun said.

SF has previously had a customer information leak case

The employees involved were held criminally responsible

Where did the leaked customer information come from? Who leaked it? SF says it reported the matter to the police at the first opportunity, and the police have not yet announced any progress on the case.

According to media reports, in the inspection data Hubei Province appears most often, 50011 times; Guangdong Province follows with 8117 occurrences; Jiangsu Province ranks third with 7446. Hubei Province is thus the hardest-hit area for the information leak.

Coincidentally, in May 2018, the Jingzhou City Court of Hubei Province announced an SF data leakage case involving SF Express agents and several employees. More than 10 million pieces of citizens' personal information were suspected of being leaked in this case, involving more than 2 million yuan. According to reports, SF representatives said that SF's information security department was the first to discover the anomaly in the Hubei regional data and handed the relevant leads to the local police.

According to the criminal ruling published on China Judgment Document Network, since the second half of 2015, 19 people, including Du Liming, a courier of Hebei SF Express Co., Ltd., used WeChat, QQ and other software platforms to sell, provide and illegally obtain citizens’ personal information, including SF Express waybill numbers and face sheets (that is, pictures showing the SF Express waybill number, address and telephone number), in order to seek illegal benefits. On December 6, 2016, the public security organs seized 52 emails in Du Liming’s QQ mailbox, containing 19,965 pieces of citizens' personal information. According to the statistics of Du Liming’s WeChat bills, the illegal income from selling citizens’ personal information was more than 160,000 yuan. In this case, more than 10 million pieces of citizens' personal information suspected of being leaked were finally seized, involving an amount of more than 2 million yuan. Nineteen suspects were sentenced to fixed-term imprisonment ranging from one to three years.

Zhao Zhanling, legal adviser of the Credit Evaluation Center of the Internet Society of China, told the Red Star News reporter: "It is difficult for us to directly judge whether the SF customer data sold on the dark web is true or false. We are not sure through which channel and by whom this customer information was leaked. It’s better to report the case and let the police investigate the source of the leak. If someone obtains data through illegal means, for example, stealing information through technical intrusion into the SF system, it is suspected of committing a crime, or it may be obtained by netizens through other online accounts."

If this information leak is true, does SF bear responsibility in this matter? Zhao Zhanling said that it depends on whether SF Express has fulfilled its security responsibilities and obligations. There is a cooperative relationship between users and SF Express, and users submit personal information to SF Express, so SF Express should take measures to protect users’ information security. If SF employees secretly resold the data, or the system had technical loopholes that allowed hackers to break in and steal information, then in both cases SF has not fulfilled its obligation to protect information security and should be liable to compensate users.

Lawyer’s suggestion: the company can set two password keys to protect information.

Liu Lin, a lawyer of Beijing Shuangli Law Firm, told Red Star that at present, the protection of citizens’ personal information in China can be divided into two levels: legal protection and personal agreement protection.

The act of selling citizens’ personal information on the Internet first infringes on the rights of citizens whose information has been leaked, and if the circumstances are serious, it may constitute the crime of infringing citizens’ personal information or the crime of selling or illegally providing citizens’ personal information. No matter on which platform the personal information of citizens is leaked, as long as it meets the criteria for judging personal information and there are acts of selling or illegally providing it, it will constitute infringement, and if the circumstances are serious, it will constitute a criminal offence.

Liu Lin noted that in recent years cases of users’ personal information being leaked and sold have occurred from time to time, and much of the data was leaked by junior staff within the company. If a large company wants to prevent information leakage, he suggested, it can set two password keys, one held by the company manager and the other by a law firm. The lawyer who holds the password key must be a senior lawyer who understands the legal risks; for example, a lawyer who has been practicing for more than 8 years can be given password key authority. When the users’ personal information needs to be opened, both password keys must be used at the same time, so as to protect the users’ personal information.
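The two-key arrangement Liu Lin describes is what security engineers call dual control with split knowledge. The following Python code is an added illustration, not part of the original report; the XOR-based 2-of-2 split, the function names and the 32-byte key size are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed size of the key that encrypts the customer-data store


def _check_value(key: bytes) -> bytes:
    # Keyed digest of a fixed label: lets the custodians confirm a rebuilt key
    # without the key itself being stored anywhere.
    return hmac.new(key, b"customer-db-key-check", hashlib.sha256).digest()


def split_key(master_key: bytes) -> tuple[bytes, bytes, bytes]:
    """Return (manager_share, lawyer_share, check_value) for master_key."""
    manager_share = secrets.token_bytes(len(master_key))  # uniformly random
    lawyer_share = bytes(k ^ m for k, m in zip(master_key, manager_share))
    return manager_share, lawyer_share, _check_value(master_key)


def recover_key(manager_share: bytes, lawyer_share: bytes, check: bytes) -> bytes:
    """Rebuild the key; fails unless both genuine shares are presented."""
    if len(manager_share) != len(lawyer_share):
        raise ValueError("shares must have the same length")
    candidate = bytes(m ^ s for m, s in zip(manager_share, lawyer_share))
    if not hmac.compare_digest(_check_value(candidate), check):
        raise PermissionError("shares do not reconstruct the protected key")
    return candidate


def demo() -> bool:
    master = secrets.token_bytes(KEY_LEN)  # constructed sample key
    manager, lawyer, check = split_key(master)
    ok = recover_key(manager, lawyer, check) == master
    try:
        # One custodian pairing a genuine share with a guessed one is refused.
        recover_key(manager, secrets.token_bytes(KEY_LEN), check)
        return False
    except PermissionError:
        return ok


if __name__ == "__main__":
    print("both custodians present:", demo())
```

Each share on its own is a uniformly random string, so neither the manager nor the lawyer learns anything about the key without the other.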

(The original title is "SF 300 million customer data is suspected to be leaked. The reporter actually measured that there are calls for SF customers")