-
A hacker claims to be selling 550 million Chinese phone records on an underground forum.
-
The alleged records consist of names, phone numbers, and regional information about individuals.
-
Security analysts and law enforcement alike have not validated the database or identified its source.

A cybercriminal advertised alleged Chinese phone records containing 550 million entries on a dark web forum. But whether the claim is credible or not is uncertain at the time of writing.
However, the actor released a small sample to back up their claim. The sample reportedly shows phone numbers, names, and regional details. The seller says interested buyers should contact them via Telegram for more information.
The Origin of the Database
The forum post does not say where the records came from. The seller didn’t mention the name of the company or agency from which they pulled the alleged data. Also, they didn’t give details of how they obtained the records.
This obscurity makes it difficult to believe the claim. Normally, big data listings often mix information from many sources. Some data comes from old breaches. Some come from public records or web scraping. Other sellers just make things up to look credible.
Without independent checks, there is no way to know if the database is real. There is also no way to know if the seller actually has all 550 million records they claim to have.
China has Seen Big Data Claims Before
It is not the first case when such a bulk of Chinese data surfaces online. Someone once posted one billion Chinese data allegedly from the Shanghai police department.
Researchers managed to prove the credibility of parts of this data leak. However, its actual scale was still questionable. Since then, a lot of other leaks involving government departments and commercial companies have appeared online too. Some of those leaks proved to be real, while others were just fake.
Why Cybercriminals Value Phone Numbers
While phone numbers may not appear so sensitive, they can be of use to cybercriminals. Phone numbers come in handy for phishing scams. Scammers often send fake texts and call people posing as representatives of reputable brands, friends, or loved ones.
Also, hackers use them for identity verification attacks. The value of stolen data extends to financial records; a hacker has claimed the sale of 638,000 federal bank records.
Many services use phone numbers to confirm who you are. Once they have your number, they can go after your accounts.
Things get even riskier if attackers manage to link your number with other pieces of your personal info. They can match phone numbers with names and locations or link them to information from other breaches. This helps them build detailed profiles of their targets. This information makes their scams more believable.
Why You Shouldn’t Always Trust Big Data Leak Claims
While the figure of 550 million can be intriguing, numbers alone do not provide enough evidence.
Threat actors often inflate numbers. For starters, a larger number can fetch a bigger price tag. At the same time, it will get more attention from potential buyers. Underground listings usually contain duplicates or data from old breaches. Some vendors scrape publicly available data and sell it as stolen data.
Without any form of verification, no one knows how many people in the dataset are real. No one knows whether the data is still up-to-date. And it’s uncertain whether the vendor even possesses the data advertised. This is why security analysts always refer to such posts as “alleged”.
So at this stage, we can only consider this a hypothesis since there is no report of a fresh data breach.
Security experts will have to examine the sample before we draw conclusions. The result will probably offer answers to some crucial questions. Who gathered this data? When did they gather this data?
Does the entire database really exist? Above all, does this indicate a new breach or a simple reuse of existing data? Until then, the claim remains what it is: an unverified claim.