Intimate messages between husband and wife were posted online by hackers

Recently, the public Xiao Zhang more depressed, she and her husband's intimate message was published to the Forum, and leaked their message record is actually hackers ... Hackers use loopholes to steal user message records "husband, I want Now", "Baby good, evening to buy You" ... Xiao Zhang and her husband's text messages, and the other hundreds of people in the text message record at the same time in a forum. After a number of emergency processing, the relevant forums to promptly delete these exposed text messages and mobile phone numbers. But Xiao Zhang is very distressed: the mobile phone has been around, did not lend to others, also did not send to repair, the mobile phone message is who stole it? After a lot of investigation found that the original is the website of the telecom operators were invaded, hackers downloaded copied the user's message records and mobile phone number, and then casually posted to the forum, It contains the short note record. The result was a surprise to Xiao Zhang. It is understood that the user's mobile phone number and SMS records are generally saved to the operator's website database, in addition to operational maintenance managers, other people are unable to query the download to. "If there is a major security breach in the site, the hacker can exploit the vulnerability to access the same administrative authority as the operator, and then go to the carrier's database, download it to the user's cell phone number, SMS chat record, and so on," said one network security expert. According to the patch-day vulnerability response platform statistics show that since June this year, a telecom operator has been found more than 300 vulnerabilities, these vulnerabilities will not only reveal user information, but also caused by remote attacks, was implanted into the phishing page, and so on threats. On the 4th of this month, the white hat "August" has submitted a high-risk SQL injection vulnerability to the carrier. This vulnerability can enable hackers to get direct access to 17 million of users of SMS records, 8 million user phone numbers and identity numbers and other sensitive information. The following December 5, the Telecommunications Operations Security Service Center confirmed the vulnerability and indicated that it would be repaired accordingly. Although it is not certain that the SMS of the small Zhang is caused by a loophole, it can be confirmed that these vulnerabilities have been discovered and repaired by the white hat before or have been exploited by hackers, resulting in the user's mobile phone number and SMS record leaking. The leak leaks the user, whether it is responsible for the enterprise? This is not the first time that users have leaked information about a Web site leak. This year, the express website leaked 14 million user information, last year a hotel system leaked 20 million customers to open room records, and so on, are due to web site vulnerabilities. Not only to the user caused significant losses, but also to the relevant enterprises caused direct or indirect economic losses. According to the "2013 China Web site Security Report," The data show that more than 95% of the domestic web site loopholes, more than 40% of the site has a backdoor. In the face of endless loopholes, Microsoft, Google, 360 and other companies have set up SRC (Security Emergency Response Center), launched a contribution to the spirit of white hat submission loophole to ensure that the fastest detection of vulnerabilities, the greatest degree of protection of enterprise network security. At the same time, for most enterprises did not establish SRC status, 360 also launched a complementary dayVulnerability response platform, proposed to help enterprises build their own src. In addition, the State is strengthening legislation on the protection of user information. "The state has legislated to emphasize the importance of enterprise protection of user information, if the enterprise because of insufficient security and leakage of user information, will be subject to heavy punishment", legal expert Che Cheng said that the newly promulgated Criminal Law Amendment (ix) (draft) NO. 286 One of the provisions of the network service providers do not perform the law Administrative regulations of the Information Network security management obligations, by the supervision of the notice to take corrective measures and refused to implement, in the following cases, the following three years of imprisonment, criminal detention or control, and a single place of fine. "In the future, the mobile phone message was stolen by hackers, users can directly investigate the responsibility of enterprises." With the continuous improvement of laws and regulations, as well as the importance of enterprise to information security protection and the establishment of third party SRC platform, three-pronged system will effectively protect the personal information security of citizens. (Source: China net finance)