Picture: network screenshot
The whirlpool stirred up by the CSDN and Tianya user information leaks is still expanding, spreading from e-commerce companies to banks. Yesterday, news circulated online that user data and passwords of a number of domestic banks had been leaked. As the news spread, some bank users panicked, and the banks concerned immediately refuted the rumor. Experts also pointed out that bank card passwords are irreversibly encrypted, so no plaintext password exists.
In response to the leaks, the Ministry of Industry and Information Technology said the night before that it had started its emergency plan to understand the situation and assess the impact and harm. Zhou Yonglin, operations director of the National Computer Network Emergency Technology Processing Coordination Center, said yesterday that, judging from the information currently available, most of the user information published on the Internet is not genuine, and only individual items have been verified as genuine.
Development one
Bank data leak alleged online; the banks concerned refute the rumor
A well-known Internet information platform, "hit the kick", released news through its microblog yesterday, saying that some netizens had told it that user data of domestic banks had been leaked, involving 70 million users of Bank of Communications and 35 million users of Minsheng Bank. A screenshot accompanying the microblog post shows "leaked" user names, card numbers, passwords and other sensitive information, as well as user information of ICBC.
The banks concerned immediately refuted this news.
Bank of Communications issued a statement yesterday saying that the claims are pure rumor, and that the bank uses advanced encryption technology and careful security precautions to provide all customers with safe and efficient financial services. The bank called on all sectors of the community to reject disinformation and not to be misled by false rumors. The bank reserves the right to pursue the legal responsibility of anyone who intentionally spreads disinformation and seriously disrupts the financial order.
The relevant head of ICBC told reporters yesterday that the rumors were untrue. ICBC has taken very stringent measures to secure customer passwords and other important information: customer passwords are encrypted both in storage and in transmission within its systems, and in cooperation with third-party companies, password information is required to be handled on ICBC system pages. ICBC's customer information and passwords are safe.
Minsheng Bank also issued a statement yesterday, saying: "On December 29, a microblog said that our bank's customer information had been leaked. After investigation, this information is seriously untrue!"
Shortly after two o'clock yesterday afternoon, the Weibo post that had caused the uproar was deleted by the platform, which said that the "bank user data leakage" message had not been verified and that its own microblog post was only meant to remind everyone to pay attention to the security of online information.
Looking at the screenshot
Not a bank system page; the ICBC cards are cancelled cards
Relevant person in charge of ICBC: In the so-called leaked screenshots on the Internet, the three bank cards involved are invalid cards that have been cancelled, and analysis of the structure and meaning of the text data, including the order number (ORDERID) and so on, shows that this information did not come from the bank's database.
Madjon, general manager of the Information Technology Management Department of Bank of Communications: Judging from the screenshot, this is obviously not the bank's system page, and the bank's passwords are hard-encrypted throughout the whole process, so they cannot be displayed on a system outside the bank. Because this is a rumor, users do not need to change their passwords, but it is recommended that users keep their passwords reasonably complex and change them regularly, and avoid simple passwords such as 888888. When setting a password, avoid simple numeric sequences, personal information that others know, and simple keyboard combinations. It is recommended that you use a combination of letters, numbers and characters and change it frequently.
Fence founder Xu Jiantao: The Minsheng Bank user names, card numbers and passwords in the so-called screenshot are without doubt fake. Bank card passwords are irreversibly encrypted. I have worked on more than 10 bank-card-related projects, including core trading systems, and I am very sure that these systems cannot hold plaintext passwords. There is no such thing as a back door left for the security department to keep plaintext passwords. (Rumor-mongers) should not fan the flames.
Development two
Well-known e-commerce sites accused of being involved; Jingdong in emergency response
Yesterday, some netizens reported that the data of 12 million Dangdang users had been leaked and was already circulating on the black market.
Dangdang issued an emergency statement yesterday saying that only a very small part of the data published online is genuine, and that it is all old data from before June 2011. This data was stolen in an earlier hacker attack, which Dangdang had reported to the public security organs. Dangdang has now comprehensively upgraded its system security to ensure the security of user information. Dangdang reserves the right to pursue legal responsibility for any unauthorized disclosure of its business secrets.
In addition to Dangdang, Jingdong Mall was exposed to similar problems this week. The domestic security problem feedback platform WooYun (Dark Clouds) recently issued a vulnerability warning, saying that Jingdong's database was at high risk and that user data may have been stolen. Jingdong Mall immediately responded that, after verification, it had not found the corresponding vulnerability, and that users' passwords are stored encrypted and have not been leaked.
Alipay, a third-party payment company closely tied to e-commerce, was also drawn into the leak. Online rumors said that Alipay user information was being used for network marketing, with a total of 15 million to 25 million records leaked. In this regard, Alipay said that only account names were leaked, without passwords, which poses no threat to the security of users' money: "Alipay applies financial-grade information security standards to protect users' information and funds, and we promise that no one can obtain users' passwords and other private information from Alipay." This has not happened in the past and will not happen in the future; please rest assured.
At present, besides CSDN, Renren and Tianya, the sites reported as leaked also include happy net, play, Century Jiayuan, cherish the network, the United States Air network, Lily Nets, 178, 7k7k and other well-known sites. Although the leaks have not yet been found to cause substantial damage to the public, panic among Internet users is spreading, and the industry is also worried that hackers will release the user data of more sites in the future.
Official statements: the Ministry of Industry and Information Technology
Emergency plan started to assess the impact of the incident
On the evening of December 28, the Ministry of Industry and Information Technology issued a circular on the recent information leaks at some Internet sites and strongly condemned the theft and disclosure of user information.
The ministry said that after the user information leaks at CSDN, Tianya and other sites, it immediately started its emergency plan and organized the relevant communications authorities, the National Computer Network Emergency Technology Management Coordination Center (CNCERT), network security experts and some Internet enterprises to understand and verify the incidents, assess their impact and work out countermeasures.
The ministry requires Internet sites to attach great importance to the security of user information. Sites whose user information has leaked should handle the aftermath properly and, as soon as possible, warn users through website announcements, e-mail, telephone, SMS and other means, reminding users to modify the site or other sites using the same user name and Sites that have not leaked user information should strengthen security monitoring and, if necessary, remind users to change their passwords. The ministry also asked Internet sites to carry out a comprehensive security self-examination.
CNCERT
Most of the leaked information exposed online is not genuine
Yesterday, the reporter contacted Zhou Yonglin, operations director of the National Computer Network Emergency Technology Processing Coordination Center (CNCERT). He said that CNCERT is actively dealing with the leaks as requested by the ministry, and that the specific causes, scale and damage of the leaks are still being investigated and evaluated. But he pointed out that, judging from the information currently available, the leak appears to be large, yet most of the leaked information released on the Internet is not genuine, and only individual items have been verified as genuine. Of the information that is genuine, much is genuine because the user had set a password that was too simple, or because the user name and password had been registered temporarily and then abandoned.
Password defense
How can I tell if my password has been leaked?
Users who want to check whether their username and password have been compromised can use the testing tools of security software vendors. Taking the quick query service launched by Jinshan Network as an example, the user opens http://cs-test.ijinshan.com/security/ and enters a commonly used username or mailbox to check whether the account appears in a database that has been exposed so far. Security experts remind users that many password leak test programs produced by unknown websites have appeared recently and are likely to contain viruses, and suggest that users do not try them at random.
How do I set a more secure password?
On setting passwords, 360 security expert Dr Shi Xiaohong proposed the following: manage passwords by category, setting a separate password for each important account (such as a commonly used mailbox, online payment, chat account, etc.) and changing it regularly, so that a leak of one website's database does not affect your other accounts; and do not use a work mailbox to register network accounts, so that a leaked password does not endanger enterprise information security.
Jinshan Network security expert Tiejun advises using at least 14 characters whenever possible; not using personal information such as name, birthday, driver's license or passport number in a password; and avoiding sequential or repeated characters.
To make it easier for users to test password security, 360 also launched an emergency password security appraiser, which shows password strength intuitively in the form of a score.
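The password rules quoted in this article (at least 14 characters; a mix of letters, numbers and characters; no sequential or repeated characters, simple keyboard combinations or personal information) can be checked offline. The sketch below is an added example, not the 360 or Jinshan tool. The run length of 3, the keyboard rows and all function names are assumptions made for illustration.

```python
import re

MIN_LENGTH = 14  # "at least 14 characters", as advised in the article
RUN = 3          # assumption: 3+ sequential or repeated characters is a pattern
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")  # assumed


def has_sequence(pw, run=RUN):
    """True if pw has `run` characters rising or falling by one (abc, 321)."""
    low = pw.lower()
    for step in (1, -1):
        count = 1
        for a, b in zip(low, low[1:]):
            in_seq = a.isalnum() and b.isalnum() and ord(b) - ord(a) == step
            count = count + 1 if in_seq else 1
            if count >= run:
                return True
    return False


def has_keyboard_run(pw, run=RUN + 1):
    """True if pw contains `run` adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for r in (row, row[::-1]):
            if any(r[i:i + run] in low for i in range(len(r) - run + 1)):
                return True
    return False


def check_password(pw, personal_info=()):
    """Return the article's rules that `pw` breaks (empty list = none)."""
    low, problems = pw.lower(), []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    if re.search(r"(.)\1{%d,}" % (RUN - 1), pw):
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("sequential characters")
    if has_keyboard_run(pw):
        problems.append("keyboard pattern")
    if not all(re.search(p, pw) for p in (r"[A-Za-z]", r"\d", r"[^A-Za-z\d]")):
        problems.append("missing letters, digits or symbols")
    # personal_info: name, birthday, etc. supplied by the user (constructed here)
    if any(len(t) >= 3 and t.lower() in low for t in personal_info):
        problems.append("contains personal information")
    return problems
```

Because the check runs locally, the password never has to be typed into a third-party test site.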