Millet said that some information about the account was illegally acquired

Absrtact: May 14 Morning News, Yesterday Night Cloud network published information showing the existence of the Millet forum user information leaked, the Millet official response said that there are some August 2012 before the registered Forum account information was illegally obtained, but this time after the user letter

May 14 Morning News, Yesterday Night Cloud network published information to show the existence of the Millet forum user information leaked, the Millet official response said that there are some August 2012 ago Registered Forum account information was illegally obtained, but this time after the user information has not been affected. Millet officials said it was deeply sorry.

Yesterday evening 00:13, Cloud Network announced a number: wooyun-2014-60627 security vulnerabilities, according to the description of the vulnerability, Millet forum user information was leaked. There are comments that some users have received fraud calls, "the source of the telephone can provide users with accurate information, name, address, telephone, merchandise purchase records, etc., to the delivery of goods to the sale of products and other fraudulent acts."

In the public response to this millet said: August 2012 after the registration of the user in the Millet account in this incident is not affected; For the previous registration of the Millet Forum account, and in August 2012 after the user did not modify the password, for security reasons, we will be through text messages, mail and other means to prompt its password change as soon as possible.

The following is the official response of Millet:

Dear Millet Users:

May 13, 2014, we received some early Millet forum account information may be leaked news, the first time a comprehensive security check.

After investigation, there are some August 2012 before the registered Forum account information was illegally acquired.

We apologize for the trouble the user has brought to the event.

This part of the account information has been strictly encrypted (independent salt one-way hash value), and many users have modified the password in recent years, the actual risk of only a small part of. Prior to the announcement, we have not found any visible traffic disturbances and complaint reports.

It is confirmed that the user who registered the Millet account after August 2012 is completely unaffected in this incident; before this registered Millet forum account, and in August 2012 after the user did not modify the password, for security reasons, we will be through text messages, mail and other means to prompt their password change as soon as possible. For the small number of accounts that may be at risk, we will ask them to change the password immediately.

In the early days of entrepreneurship, our forum and affiliate forum generated account system using a third party open source program. August 2012, based on security considerations, the old Forum account system is no longer used, millet will be all services (including millet cloud services, rice coins, etc.) switch to a new account security system, the adoption of the industry's latest security practice program, all the storage data have been the most stringent security encryption.

User account and privacy security is millet attaches great importance to the top priority, we have been the most cautious attitude, spared no effort to enhance security measures, including remote login early warning, security token login. When users log in to use important services (meter currency center, small Mi Yun service, etc.), they will also get security prompt push on the phone.

We will pay close attention to the security incident dynamic and user feedback, continuous follow-up and timely notification.

Millet Safety Center

May 14, 2014