Express Company database is exposed to loopholes

Source: Internet
Author: User
Keywords Hackers often into
Tags company development economic economic development express express company hackers information

Absrtact: Yesterday, CCTV "weekly quality report" reported that in March this year, Hangzhou Xiasha Economic Development Zone, the head of a courier company found that someone online to buy and sell their company express information on the list, and sales are still very large. and the police

Yesterday, CCTV "weekly quality report" reported that in March this year, Hangzhou Xiasha Economic Development Zone, the head of a courier company found that someone on the Internet to buy and sell their company express information on the list, and sales are still very large. The police investigation found that a student in the network security test to find the courier company or other companies of some security vulnerabilities, the extraction of personal information and network sales.

According to the case of the suspect, some express company website database Some relatively low-level vulnerabilities, such as weak password vulnerabilities, upload vulnerabilities, and so on, successfully through the loophole into the background of the site, you can upload backdoor files, access to the database. If you disguise the back door, you can continue to get updated data.

It is noteworthy that the express industry has repeatedly exposed the existence of a number of sales phenomenon. According to the reporter understand, a courier information flow often to go through a lot of links, Courier, courier company internal personnel, delivery links, the recipient end of information leakage risk. The data in the electronic database will be cleaned up periodically for the user information of the Courier document. and the real decent list is a daily storage, in the determination of the number of correct and no complaint information (generally retained for one year), the expired face list will be under the supervision of the Postal Supervision Department of the record and sent to the paper-making enterprises to destroy, is generally to the express single crushing paper pulp , and the harmless treatment of recycled paper.

And according to the implementation of the "Beijing Express security Management measures" in March this year, the disclosure, scalping user information of the express enterprises will be sentenced to a maximum of 30,000 yuan fine, related outlets may be revoked business license.

Yesterday, rising security experts Tangwei to reporters, express company's database must do a regular destruction, and on the site should do a good job of security precautions, and the site, the entrance of the comprehensive security testing. "such as the above-mentioned cases of password vulnerabilities, upload vulnerabilities, etc., if the site operators have done security testing, will be able to find." Tangwei said many small and medium-sized logistics companies do not pay enough attention to information security, so they are often targeted by hackers. Logistics companies should do a good job of protection, and in the establishment of operating mechanisms to consider security issues, such as different managers set different access rights.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.