China Eastern is exposed to a system loophole or a large number of user order information leaked

Dark clouds on the night of December 2 disclosed a loophole about the disclosure of large numbers of users ' orders from Eastern Airlines. The vulnerability was submitted on December 2, and the vulnerability type was compromised by critical sensitive information, with a high level of hazard. December 2 20:19, black cloud white hat "passerby a" submitted a "Eastern airlines large number of users order information leaked" loophole, but at present, the status of the vulnerability is still "waiting for vendor processing." Senior aviation practitioners point out that such a loophole could lead to leaks of passenger names, cell phone numbers and flight information. "The recent flight message fraud frequent, if these important information by outlaws to get, the consequences of unimaginable." "It is reported that the cloud platform in August this year, China Eastern was exposed to SQL injection of a large number of passenger information leaks." The white-hat hacker who found the flaw in the post said: "The passenger information is so appalling that it is completely exposed." including name, date of birth, passport ID, address and so on! Forget to pay attention as soon as possible fix! "From the public information, this loophole was subsequently confirmed by the manufacturer." Passenger complaints have been a flight message fraud this August, media reported that passengers Miss Liu in the flight before Take-off received such a message: "Oriental Airlines respected Liu XX (note: The name here is the real name of the visitors) Hello!" Your reservation flight has been canceled due to aircraft malfunction. Please contact customer service for free change or refund, change to sign refunds can get East Airlines compensation to pay you 200 yuan loss, Oriental Air Service hotline 4006227003. The message was later confirmed by the East Airlines staff as a scam message. On Weibo, travellers with similar experiences are not uncommon. October 28, Weibo called "Baa Baa Not Baa" Netizen issued a dispatch: "My mother October 24 through 12580 booked an Oriental air ticket, a three-day information leakage, the lawless elements of fraud 100,000 yuan, to 12580 and Eastern Airlines to verify also get no response, today mother almost fainted, I am really sad but do not know how to do, can only hold this hope, ask everyone to help spread forward, thank you. November 16, called "Small South Liv" issued a dispatch, said: "Figure I is from the Eastern Airlines booking tickets after the flight information received, figure II is just received fraud information." I would like to ask the Eastern Airlines, customer information how much do you sell a catty?! The industry insiders pointed out that although it is not clear that the source of these passenger information is the system of Eastern airlines, but the damage to consumers is already obvious. The existence of the eastern system loophole is tantamount to exposing the passengers ' information naked to the eyes of criminals, and the airlines should pay enough attention to it and mend it in time.