Inventory of China's internet leaks in recent years

Inventory of China's internet leaks in recent years
Today, with the rapid development of mobile internet, a small mobile phone carries our family photos, circle of friends, location tracking, work units, credit card passwords, payment information, etc., which makes people more worried about the hidden dangers of network security. With painstaking thinking, how can we face our privacy in the future?
On March 22nd, Wuyun.com, a well-known vulnerability reporting platform in China, released relevant information about the “Ctrip security payment calendar leaking user bank card information”. Vulnerability finders pointed out that Ctrip's service interface for processing user payments enabled the debugging function so that all data packets transmitted to the bank's authentication cardholder's interface were stored directly on the local server. The information encryption level is not high enough and can be easily accessed by clients. The leaked information includes the user's: cardholder's name, identity card, type of bank card held, card number, CVV code, and 6-digit password used for payment.
Immediately after this news came out, people worried about the security of Internet information. Professionals on Weibo have started to report that a hurricane of Internet security is coming.
In fact, the security issues in China's Internet industry have been criticized in recent years. There have been years of leaked secret doors and new ones every year. Next, we will take stock of the numerous “leakage doors” of the Chinese Internet.
Ctrip reveals that security card users have been compromised
On March 22, 2014, Wuyun.com, a well-known vulnerability reporting platform in China, released information about the “Ctrip security payment calendar leaking user card information”. Vulnerability finders pointed out that Ctrip's service interface for processing user payments enabled the debugging function so that all data packets transmitted to the bank's authentication cardholder's interface were stored directly on the local server. The information encryption level is not high enough and can be easily accessed by clients.
The leaked information includes the user’s: cardholder’s name, identity card, type of bank card held (for example, China Merchants Bank credit card, Bank of China credit card), card number, CVV code (a group of digits behind the credit card), and 6 digits for payment. password.
A few hours later, Ctrip.com posted a very official reply. Ctrip technicians have confirmed this vulnerability and repaired it in a timely manner within two hours. They are grateful for the vulnerability information discovered by the cloud platform. The users affected by this vulnerability are some of the recent transaction customers. At present, there is no case where the user is affected by the vulnerability and the corresponding property is lost. Ctrip.com always attaches great importance to information security. If there is any new progress in this vulnerability, it will continue to be reported.
This official statement caused more panic. The leaked door has been circulated by most people. As long as the users who have been consumed by Ctrip with a credit card, they may be exposed to such risks. On the next day, several major bank card customer service phone calls with Ctrip were detonated, and many users requested a change of card.
The customer service of the China Merchants Bank Credit Card explains this way. Only users who have purchased during the 21st and 22nd months are likely to be at risk. Other users have no risk.
On March 23, Ctrip gave a more detailed explanation. "Ctrip's technology developers turned on the payment debugging function in order to investigate the system's doubts on the online environment, leaving a temporary log that was not promptly removed due to negligence. Currently, these information It has been deleted. After the investigation, only the developers of the vulnerability made a test download, involving a total of 93 Ctrip users who were at risk. The users who did not receive a Ctrip phone notification were personal information secure.”
A professional in the security field said that the severity of Ctrip.com's leaked incident far exceeded the CSDN's leakage. CSDN is a database data leak, and this time it is a log data leak. More seriously, the log data records detailed data related to money.
CSDN is hacked to attack the Internet frequent password leak event
In December 2011, the security system of CSDN was attacked by hackers, and the login name, password, and email of 6 million users were leaked. Subsequently, the CSDN "password leaked door" continues to ferment, then, "player sets" for websites such as multiplayer games, Renren.com, 178, Dudu cattle, Kaixin.com, Tianya community, Century Jiayuan, Lily.com etc. online.
Tianya.com issued an apology letter on December 25. It said that the privacy of 40 million users of Tianya was leaked by hackers. The earliest involved in this incident has been reported CSDN, said that the existing 20 million registered users account password database has been all ciphertext protection and backup.
The earliest disclosure of this incident can be found in the feedback platform of Wuyun's security issues. Following the disclosure of user data of CSDN and Tianya community, Alipay users leaked a lot and was used for online marketing. The total amount of leakage was 15 million to 2500. As much as possible, the leaking time is unknown, and only the user's account number and password are available. Among the companies that have been involved are Jingdong Mall and Dangdang.com. In 2011, many password leakage incidents caused Internet users to have widespread concerns about the theft of Internet information such as their own account numbers and passwords. Netizens started to change their passwords after the password leaked out, but the user's password change was only a “temporary cure”, and the site’s change of data storage strategy was “final cure”.
China Life Insurance has leaked 800,000 accident insurance policies
On February 26, 2013, a netizen posted a message in the online community that when China Life registered an auto-relief card, it found that China Life’s co-operative website “Zhongyi Risk Management” search information column was free to find out all policyholder information. , including insurance, mobile phone number, ID number, password, etc. Followed by enthusiastic users based on the URL provided in the post, found a total of 792,270 policyholder information.
It was alleged that the information disclosure problem was caused by mistakes in the upgrade operation of the partner company's website. After the incident, although China Life Insurance and Chengdu Zhongyi Kangjian Technology Co., Ltd. both apologized to the public, due to the existence of the grey market for selling personal information, many policyholders still have concerns about the safety of personal information.
In the industry's view, although incidents of personal information leakage are common occurrences today, the incident has also sounded an alarm for information security in the insurance industry.
"Prism Door" Incident: U.S. Government Peeks into the World
In June 2013, Eduard Snowden, an employee of the United States’ CIA, broke the news of the American Prism Wiretapping Project. The “Prism” program began in the Bush era of 2007. US intelligence agencies have been conducting data mining work in nine US Internet companies, analyzing personal contact information and actions from audio and video, pictures, mail, documents, and connection information. There are 10 types of monitoring: information e-mail, instant messaging, video, photos, stored data, voice chat, file transfer, video conferencing, login time, details of social networking data, including two secret surveillance items: 1. Surveillance, Listening to the call records of the public telephone; Second, monitoring the people's network activities.
In Snowden’s revelation, nine companies including Google, Yahoo, Microsoft, Apple, Facebook, AOL, PalTalk, Skype, and YouTube were allegedly involved in espionage. The companies are suspected of opening their servers to the US National Security Agency. Enables the government to easily monitor the mail, instant calls and access data of millions of Internet users around the world. Although these companies strongly denied the crime. However, on June 14, Facebook and Microsoft recognized for the first time that the U.S. government had asked them for user data and published some of the data, in an attempt to get rid of the "prism door" as soon as possible.
The "Prism leak door incident" exploded all over the world at one time, causing widespread concern worldwide. As the protagonist of the incident, Edward Snowden, an employee of the United States Central Intelligence Agency, not only made the US government fidgety, but also revealed many information he disclosed to China's online information industry. According to Snowden, thanks to the Prism Project, the US National Security Agency has been monitoring Chinese networks and computers through routers and other devices. Therefore, the privacy of the Chinese people on the Internet, including the privacy of our government and senior officials, has been exposed on the Internet... ...
Sogou mobile phone input method leaks user privacy
On June 5, 2013, according to the vulnerability report released by the Internet vulnerability report platform Wuyun, the vulnerability of the Sogou input method has caused a large number of users to disclose sensitive information. According to the report, the Sogou input method information storage process stores the corresponding information in the cloud, but due to the corresponding configuration and other reasons, the session information picture, video, and audio are leaked. Many of these IDs, nude photos, and letters of prosecution.
According to the introduction of Sogou input method, netizens posted a large amount of exposed privacy content including voice, photos, and certificate information on the Internet, all of which were derived from the “Super SMS” function of the mobile phone “Sogou Input Method.” The specific disclosure method is: Internet users install Sogou input method "super SMS" function on the client, and then send audio and photos. The multimedia content such as audio, photos, and documents sent by users will be placed in the cloud. If the recipient does not install the product, he will receive a link, which will open the information content. Finally, these user information were captured by Microsoft's search engine Bing, which was exposed online.
Security experts suggest that users should not blindly trust "big companies, big websites". When registering online, they should disclose their personal data as little as possible. If not necessary, do not disclose phone numbers, home addresses, bank card numbers, QQ passwords, etc. private information.
Such as home, seven days and other hotel chain information disclosure
In October 2013, hotel chains such as Home Inns and Seven Days were exposed by the Internet as having disclosed information on up to 20 million customer openings. According to reports, a website called "Check Room". Just enter the name or ID number, you can query to include the ID number, birthday, address, mobile phone number, email, company, registration date and other real information.
One week before the incident, records of multiple hotel rooms were stored by Zhejiang Huida Station Network Co., Ltd., a provider of wireless Internet access authentication management systems, and leaked due to loopholes in the system. Hui Da Station Company confirmed that there were loopholes and has been repaired. It also said that the personal information of the occupants did not leak due to the opening of the house.
There are loopholes in the chain hotel information system, which has caused a large number of citizens’ personal information to be queried in the near future. In fact, it is not the first time that citizens' information has been leaked on such a large scale. According to statistics, since 2009, major public information leaks have occurred frequently, involving medical, insurance, real estate, recruitment, social networking, shopping, third-party payment and other areas. The illegal online trading of personal information has formed a black industrial chain.
Express information disclosure Yuantong million customer information online sales
On October 22, 2013, Yuantong Express disclosed that its nearly one million express delivery individual information can be purchased on the Internet. The single number data information can also be refreshed in 24 hours.
According to media reports, the word “single number” was entered in the Taobao search field, and more than 2,900 pieces of baby would pop up. Most of these shops are given names such as "logistics service", "logistics number inquiry" and "national two-way inquiry service". The reporter continuously clicked on the specific product descriptions of several shops and discovered that basically only the “Yuantong express data” was sold. Express delivery information is generally 1 yuan/bar. If the amount is large, it is 0.8 yuan/bar. The demand is 0.3 yuan/bar.
In the past two years, the leakage of personal information on express orders frequently occurred. The express companies involved included Shentong, Yuantong, Zhongtong and Yunda. The Internet behavior of netizens is almost in a state of “streaking.” How to make people's network information protected has become the most important issue of Internet security.
12306 new version of the vulnerability on the line exposed
The 12306 website has always been criticized for cyber security. In December 2013, the new version of the China Railway Customer Service Center 12306 website during the Spring Festival was formally put into trial operation two days ago. Just on the first day of the launch, professional security personnel discovered that there were loopholes in the new 12306 website.
Vulnerability finders pointed out that the vulnerability of 12306 website leaked user information, such as login name, email, name, ID card, and telephone privacy information. The discoverer of another vulnerability also revealed that "a number of booking logic vulnerabilities exist in the new version of the 12306 website." This vulnerability may lead to the proliferation of late-stage booking software and result in unfair booking.
postscript:
As of the 24th date of this article, Ctrip’s latest response stated that the loophole has been fixed and that the investigation of the payment information of 93 users has potential risks. These users have been notified to change their credit cards. After verification, there is no case where the user’s credit card has been stolen. Ctrip has promised that Ctrip will assume full responsibility and pay compensation if it causes user losses due to security breaches.
Although Ctrip’s attitude is positive, we have seen that from the CSDN vulnerability incident in 2011, the number of Internet leakages has been increasing each year. However, Internet companies have not learned from the accidents of others and still commit some low-level errors in information security.

 [Safety and Ultra Lightweight]-- NO overheating after using for hours. 45 degree tilting head reduces neck fatigue. Adjustable Strap makes your head get the best comfortable condition.
[Hands-Free Lighting]-- When your task requires both hands and a bright light with a wide beam, reach for the soft digits Headlamp. It produces 300-800 lumens of different light mode to as far as 200--500 meters, with high performance led Bulbs.
[Rechargeable and Waterproof]-- Compact and powerful USB rechargeable battery provides for 6 hours using time. There is no need to change batteries. It is very convenient for you to just charge it with the USB cable. IPX6 water resistant grade, it's safe to use even when it's raining.
[8 Modes&Motion Sense Function]-- Soft Digits Headlamp has 8 modes of lighting. You get the exact level of brightness(medium/high/flash) on main light and the side light. The motion detection provides you the convenience you need for any use in the dark. Easily change between modes.

USB Rechargeable Headlamp

Led Head Lamp,Cob Led Headlamp,Led Head Light,Led Headlight Flashlight

Ningbo Wason Lighting Technology Co.,Ltd , https://www.wasonlight.com