HTTPS: // news.cnblogs.com/n/658036/ security issues ..
Source @ Vision China
".. Microblogging personal information may have been trading in the dark, I have to buy my own network of information of the" March 19 evening, a senior official said block chain areas to titanium Media App: "On Telegram, has been a lot of personal information can be leaked by btc and eth transactions, the current network has dark crazy, we are crazy query, this thing has a huge impact in the international dark online. "
It also stems from March 19 morning Moan Technology CTO Weixing Guo released a micro-Bo (now deleted). Weixing Guo said the inquiry found that many people through technology mobile phone number has been leaked.
Soon, microblogging leaked recognize true regarding the response data for the micro-blog, is now timely to strengthen security policy, and said it does not involve the disclosure of data from the ID, password, no impact on the micro-blogging service. But she microblogging also said, "The data leakage should be traced back to the end of 2018, when the relevant users through the microblogging interfaces through bulk batch upload your address book phone, matching the millions of account nicknames, plus other channels through information with foreign sales of its address book has been available on the phone number and find friends microblogging nickname of service, the user is authorized to use the service, but does not provide information Weibo user's gender and identity card number, etc., there is no "according to the user nickname check the phone number "service, so it does not involve the disclosure of data from the ID, password, no impact on the micro-blogging service. this information is illegal to call out the microblogging is the interface to match Weibo account nickname, does not involve the rest of the data privacy . "
However, the above information provided to the user based on titanium display media, microblogging bind their personal information, including name, email, address, phone number, microblogging account numbers, passwords and other eight have been able to buy information network in the dark. A dark network to "sponsorship" fee. However, everyone was leaked data type and the numbers are different. Another user told titanium Media App, which is available online in the dark "own" the microblogging binding information, also includes the old password, ID number, license plate number, posted an account of it bound, bound qq number, etc. .
The source then added, users can also spend money to shield their information, allowing people to inquire. "My friends all the information I have found out, there are passwords, as well as several of his regular Internet address, information leakage is really horrible."
In Weixing Guo piece of deleted microblogging review, there were also friends said, found 538 million micro-blog user information in a dark net sale, in which 172 million have basic account information, priced at 0.177 bitcoins. Related to the account information, including user ID, the number of micro-blog account posted, number of fans, concerned about the number, gender, geographical location and so on.
Microblogging suddenly leaking data
Said user March 19 morning, microblogging called "Security _ Yun Shu," the Forward microblogging: "A lot of people's phone numbers leaked, the phone number can be found based on micro-blog account ...... it has been through the microblogging leaked I found the phone number to add my micro letter. "
The micro-blog information display, this man Moan Technology founder and CTO, former director of security research laboratory Ali Group. Moan science and technology confirmed that, "In situ determination of safety _" indeed Moan Technology CTO Wei Xingguo, "Yun Shu" is the nickname of Ali Baba.
Subsequently, Wei Xingguo further expressed in the comments under the micro-Bo, he passed technical inquiries, found that many people's phone number has been leaked, which involves a lot of microblogging certification of stars, officials, entrepreneurs. "The overall (titanium Media Note: The overall CEO Wang Gaofei to microblogging, microblogging called" come and go between ') phone number has also been leaked, I checked last night. "There are users message said he suspected continue to suffer data leakage, and the disclosure of information and more mobile phone numbers, and some even sent a package suspected of selling screenshots microblogging personal data, priced at 1799 yuan.
The reason for the data or hit the library or leaking
It is worth noting that certification is microblogging users @ Safety Director Luo Shi Yao also comments responded that this should be the data previously appeared in "hit Library" or "leakage" phenomenon, "Thank you care about, someone in every period of time online sales (data), each time causing a wave of public opinion, did not want to respond, this microblogging future will need them. "
Among them, the library was hit by hackers to collect Internet user and password have been leaked information, after generating the corresponding dictionary table, attempt to bulk other landing sites, users can get a series of login. Many users in different sites are the same username and password, so hackers can get the user accounts A website attempting to log B website, which can be understood as attacks hit the library.
Leakage refers to the business of certain non-core businesses small size of the team, did not set up in accordance with standardized business processes, resulting in risk, such as not doing critical data isolation, hierarchical control authority is not ready, not ready data encryption storage.
Currently, Weixing Guo has the aforementioned micro-blog deleted, and said the data was leaked through the interface should pull out some data. It is noteworthy that, in 2016, microblogging and tenderness that is user data to crawl court had, at that time, also affectionately known as microblogging accused by the user to illegally obtain phone address book contacts and Sina Weibo user correspondence.
(This article first titanium Media App, author Dan Wanjia)