12306 Website user information leakage

Source: Internet
Author: User


The WooYun website reported that user information from 12306, the Ministry of Railways' official ticket sales website, had been leaked. The leaked information includes user accounts, plaintext passwords, ID card numbers and email addresses. However, it cannot be confirmed whether the 12306 official website or a third-party ticketing platform leaked the information. The Ministry of Railways has denied that it was the source of the leak, saying "all user passwords in the database are non-plaintext conversion codes encrypted multiple times." It recommends that users "do not purchase tickets using third-party ticketing software, or entrust a third-party website to purchase tickets". Because of the Ministry of Railways' special ticket sales mechanism, a variety of ticket-grabbing software exists in China, and the Ministry of Railways has continuously modified its website to block such software.

Vulnerability No.: WooYun-2014-88532
Vulnerability title: A large amount of 12306 user data is spreading wildly on the Internet, including user accounts, plaintext passwords, ID cards, mailboxes, etc. (leakage channels are currently unknown)
Related manufacturers: China Railway Research Institute
Vulnerability author: search
Submission time:
Public time:
Vulnerability type: large amounts of user information leakage
Hazard level: high
Vulnerability status: Submitted by a third-party vendor (cncert national Internet emergency center)
Vulnerability source: http://www.wooyun.org
Vulnerability details disclosure status:

: The manufacturer has been notified of the details and is waiting for processing.
: The manufacturer has confirmed that details are only available to the vendor

Brief description:

After the Chinese New Year, a lot of black-haired cows are dying. Just now, I saw 12306 data being spread, even my own sensitive data...
PS: The data is only being spread and sold. Currently, it cannot be confirmed whether the 12306 official website or a third-party ticketing platform leaked it. We hope the official website will immediately step in to investigate and notify the users whose data was leaked to change their passwords! Please bypass the nonsense media!

Vulnerability hash: b32175f79a8918a34488ecf17ea000068
Copyright statement: Reprinted please indicate source tracing @ wooyun

Vulnerability response

Vendor response:

Hazard level: high

Vulnerability Rank: 20

Confirmation time:

Vendor reply:

Announcement on reminding passengers to purchase tickets on the official website
Regarding the report on the Internet that "Website user information is spreading wildly over the Internet", our website has carefully checked and found that all the leaked information contains the user's plaintext password. All user passwords in our website's database are non-plaintext conversion codes encrypted multiple times. The leaked user information was exported from other websites or channels. At present, the Public Security Department has been involved in the investigation.
Our website solemnly reminds passengers that, to ensure the security of users' information, please purchase tickets through the official website, and do not use third-party ticketing software or entrust a third-party website to purchase tickets, to prevent leakage of personal identity information.
At the same time, our website reminds passengers that some third-party websites have bundled insurance sales functions.
China Railway Customer Service Center
December 25, 2014

Latest status:

None
