Qihoo confirms network engineers cracked a card loophole and malicious recharge by criminal detention

Abstract: Qihoo 360 Company issued a statement confirming that network engineers cracked a card loophole and malicious recharge by criminal detention September 25 news, a few days ago media reports Qihoo 360 company network engineer Yang cracked the system loopholes in the municipal card, help themselves and colleagues malicious charge Qihoo 360 Company issued a statement, Confirmed that network engineers cracked a card loophole and malicious recharge by criminal detention

September 25 News, a few days ago, the media reported that Qihoo 360 network engineer Yang cracked the system loopholes in the municipal card, to help their own and colleagues malicious recharge more than 2,600 yuan, and therefore been in detention for 6 months. 360 companies today issued a statement confirming the matter and apologizing to the public.

360 in the statement said that there are two technical departments Guan Gong used to crack the Beijing municipal card password, and malicious credit card consumption, involving the amount of 1700 yuan.

360 company said, "Two employees to use a card loophole consumption, although it is personal behavior, but my company should bear the responsibility of staff education, and has taken appropriate measures to strengthen management, to avoid the recurrence of similar incidents." Here, we solemnly express our sincere apologies to the public. ”

The following is the full text of Qihoo 360 company:

About the media coverage of the company's employees using a card loopholes card consumption instructions

Recently, a media report said, Qihoo two employees cracked the Beijing municipal card password, malicious recharge card consumption. In this respect, our company explains as follows:

(1) at the end of 2010, our technical department found that there is a security loophole in the city card system, because the loophole involves tens of millions of cardholders of the public interest, my company the first time to the relevant departments to do a report. Then, at the request of the relevant departments, our company was commissioned to study the vulnerability to further determine the severity of the vulnerability, its research process found that can directly recharge, we have to the relevant departments to do this demonstration and simulation.

(2) A few months later, two of the engineers involved in the study, due to the lack of legal awareness, can not resist the temptation to recharge the private consumption, involving the amount of 1700 yuan.

(3) After the incident, our company actively cooperate with the public security organs for investigation, and in accordance with the provisions of the company to remove these two employees. Because this flaw involves the public information security, our company according to the related department request, the external has not disclosed.

(4) Two employees to use a card loopholes consumption, although it is personal behavior, but my company should bear the responsibility of staff education, and has taken appropriate measures to strengthen management, to avoid the recurrence of similar incidents. Here, we solemnly express our sincere apologies to the public.