The password leakage of an account of the big data series poor game may lead to APP replacement and Solutions
Poor mailbox Management of poor games, the mailbox has registered many third-party websites, and the mailbox password is the same as the registered third-party website password. Because the security of third-party websites is uncontrollable, the password of a poor travel email account is leaked.
Search for "@ qyer.com" in the social engineering database and find a password: qy123456. It is likely that the password is a general or initial password of the enterprise.
The Dictionary of the mailbox account and password generated by using the password and the collected poor game mailbox, and the brute-force cracking by using the mailbox brute-force cracking program, succeeded in many:
Many successful email accounts are commonly used, such as publishing management apps,
We can see that pods and Xiaomi app stores are all registered using this email account. The visual test should be the account for releasing the poor game app. The test can receive password protection emails,
We will not change the password, but will not go further if we can find important information from many companies through our mailbox.
Solution:
1. prohibit company email addresses from registering external websites;
2. The company email password cannot be the same as the password of an external registered account;
3. Change the email password. All mailboxes that use the password are modified.