12306 leak investigation the suspect hit the library why did not promptly remedy the vulnerability
this is not the first time the 12306 site user information leakage incident, but the biggest one.
12306 official website said the same day, after careful verification, this leaked information contains all the user’s plaintext password. 12306 all users of the site database passwords are encrypted for many times non plaintext conversion code, the user information leaked through the Internet or other channels through the site. Currently, the public security organs have been involved in the investigation.
at 10:59 on December 25th, dark cloud network vulnerability report released, a large number of 12306 user data on the network crazy spread.
this is a critical moment, the amount of 12306 tickets during the Spring Festival, visit the site every day are amazing.
clouds founder Wu Di told the twenty-first Century Economic Herald reporter, "this is the cloud network in history, the first time such a large-scale railway user data leakage."
it is understood that the disclosure of the leaked data reached 131653, including user accounts, passwords, passwords and other information.
cloud network is a focus on Internet security vulnerabilities reporting platform. Wu Di said, cloud network every day to monitor the data, the 12306 event is just a day. But previously, they have reported 12306 cases of user information leakage site.
on the user information leakage incident, the network heated debate. Some netizens worry that these leaked information is included in the purchase process, such as the use of bank cards and other information. Professionals suggest that if the user also uses the same user name and password for 12306 sites on other sites, you should change the password.
many accept the twenty-first Century Economic Herald reporter interviewed the incident analysis, this is likely to be caused by hackers "hit" behavior, rather than the 12306 website directly leaked but also 12306 website security vulnerabilities still exist. However, some experts believe that the cause of the incident is still unknown.
for this incident, China University of Political Science and Law law research center researcher Zhu Wei analysis said that if 12306 is due to negligence resulting in information disclosure, in the judicial practice of the principle of presumption of fault will determine the tort liability, "the first 12306 presumption of fault, and then by the 12306 proof, to prove himself to the security responsibility," Zhu Wei said.
What is the reason for the
clouds founder Wu Di told the Herald reporter on twenty-first Century, at 10:59 on the morning of December 25th, after the incident, the cloud network immediately checked in to confirm the true reliability of the message on the matter of the release.
shortly after 12306 in the first time to know this news, and contact with the cloud network, said it would investigate the matter seriously, and in the days after the announcement.