Industry chain Exposure Web site "Drag the bank" as the culprit

BEIJING, September 6, the famous electric dealer website Amazon China exposed the account stolen events, the news that the incident involved more than thousands of users, there are victims of the balance of money stolen by the number of molecules to buy mobile phones and other commodities, resulting in direct economic losses. In this respect, 360 Security Center for the first time to the entire Internet users issued a security warning, illegal hackers use the website loophole to steal the database, and then in the electric business platform stolen number has become an industry chain, the proposed user for the electricity account to set up a separate high intensity password, and regular replacement, so as to avoid other websites leaks and implicated in the theft of the electric business account.

360 Safety Engineer Anyan said that the industry chain is divided into "tow bank", "sweep" and fence three main links. "Drag library" refers to the hacker attacks the website loophole, theft of a database containing user-registered mailboxes and passwords; "sweep" means that the hacker will be aggregated together the database, specifically for the well-known electronic web site automated bulk login, and the means of hacking is to include consumer account balances, interception of goods, collection of victims telephone, address and other personal data, Fraudulent activities.

"At the end of last year, a number of Web sites" leak door "broke out, the online public registered mailbox and password reached hundreds of billion, and the actual size of the hacker gang database can be far more than this number. Anyan said that even if only less than 1% of netizens use common registered mailboxes and passwords on their website, hackers in the vast database based on the "sweep" process, but also to obtain a large number of electronic business accounts, Amazon China exposed thousands of accounts stolen is only the tip of the iceberg, more electric business sites and user accounts may still be under the control of hackers, When there are benefits such as account balances, it will show harm.

According to the 360 Security Center issued the "2012 first half of China's network security report," shows that more than 75% of the domestic sites have high-risk vulnerabilities, at any time may be hackers to invade the "drag library." Even the hacker web site publicly provides password database query services, a large number of Internet users ' mailboxes and passwords thus exposed to the Internet, the security of the account poses a serious threat. (Beijing, the IT channel)

For the user how to protect their own account property, 360 Security Center recommendations:

First, the electrical business and other important accounts set up high intensity password, and regular replacement;

Second, if you worry about the password too much difficult to remember, you can use the "Common password + website name" password format (or with other special symbols instead of +), you can improve the hacker "sweep" difficulty;

Third, the electricity business account as far as possible does not have the balance, lest the account is stolen causes the economic loss.