Last night, cloud network confirmed the Millet Forum official database was leaked, and in the data involved millions of forum registered users. And hackers according to the leaked data can enter the millet account, and through the millet cloud services to obtain contacts, photos and other information. And in the Internet is highly popular today, many people are in order to conveniently remember so often in all places using the same group ID and password, from the Millet Forum, NetEase mailbox, Sina Weibo to Tianya ... When the hacker "drag the Library" after the target account to "test" the success rate may be greatly improved.
In this morning, the millet official issued a response said: "After verification, it is true that some of the forums registered in August 2008 before the Forum account information was illegally acquired"; for the reasons for the leakage, Millet explained that "in the early days of entrepreneurship, our forum and the account system generated by the forum has used a third party open source program."
The following is the official response of Millet:
Dear Millet Users:
May 13, 2014, we received some early Millet forum account information may be leaked news, the first time a comprehensive security check.
After investigation, there are some August 2012 before the registered Forum account information was illegally acquired.
We apologize for the trouble the user has brought to the event.
This part of the account information has been strictly encrypted (independent salt one-way hash value), and many users have modified the password in recent years, the actual risk of only a small part of. Prior to the announcement, we have not found any visible traffic disturbances and complaint reports.
It is confirmed that the user who registered the Millet account after August 2012 is completely unaffected in this incident; before this registered Millet forum account, and in August 2012 after the user did not modify the password, for security reasons, we will be through text messages, mail and other means to prompt their password change as soon as possible. For the small number of accounts that may be at risk, we will ask them to change the password immediately.
In the early days of entrepreneurship, our forum and affiliate forum generated account system using a third party open source program. August 2012, based on security considerations, the old Forum account system is no longer used, millet will be all services (including millet cloud services, rice coins, etc.) switch to a new account security system, the adoption of the industry's latest security practice program, all the storage data have been the most stringent security encryption.
User account and privacy security is millet attaches great importance to the top priority, we have been the most cautious attitude, spared no effort to enhance security measures, including remote login early warning, security token login. When users log in to use important services (meter currency center, small Mi Yun service, etc.), they will also get security prompt push on the phone.
We will pay close attention to the security incident dynamic and user feedback, continuous follow-up and timely notification.
Millet Safety Center
May 14, 2014