Yesterday, CCTV's "Weekly Quality Report" reported that in March this year, in the Hangzhou Xiasha Economic Development Zone, the head of a courier company found that someone on the Internet was buying and selling the company's waybill information, and that the sales volume was very large. A police investigation found that a student, while doing network security testing, had found security vulnerabilities at the courier company and at other companies, extracted personal information, and sold it online.
According to the suspect in the case, the websites and databases of some courier companies have relatively low-level vulnerabilities, such as weak passwords and upload vulnerabilities. After getting into the site's back end through such a hole, it is possible to upload backdoor files and access the database. If the backdoor is disguised, updated data can continue to be obtained.
It is noteworthy that the courier industry has repeatedly been exposed for sales of this kind. As the reporter understands it, a parcel's information passes through many links as it flows, and there is a risk of leakage at each of them: the courier, the courier company's internal staff, the delivery stage, and the recipient's end. User information from waybills held in the electronic database is cleaned up periodically. Physical waybills are put into storage daily. Once the numbers are confirmed to be correct and there are no complaints (waybills are generally retained for one year), expired waybills are recorded under the supervision of the postal supervision department and sent to paper-making enterprises for destruction, generally by crushing the waybills into pulp and harmlessly processing them into recycled paper.
Under the "Beijing Express Security Management Measures", implemented in March this year, courier companies that disclose or resell user information face a fine of up to 30,000 yuan, and the outlets involved may have their business licenses revoked.
Yesterday, Rising security expert Tangwei told reporters that courier companies must destroy the data in their databases regularly, take proper security precautions on their sites, and carry out comprehensive security testing of the site and its entry points. "Take the password vulnerabilities, upload vulnerabilities and so on in the above-mentioned case: if the site operators had done security testing, they would have been able to find them." Tangwei said many small and medium-sized logistics companies do not pay enough attention to information security, so they are often targeted by hackers. Logistics companies should do a good job of protection and should consider security when establishing their operating mechanisms, for example by giving different managers different access rights.