The "user information disclosure" incident at No. 1 Store has not yet died down, and Dangdang has recently also been questioned by users over inadequate information security work.
Yesterday (June 14), a user said that the 10 "Dangdang gift cards" she had purchased, each with a face value of 500 yuan, had been stolen and spent. Although the user asked for the account to be frozen to avoid losses, Dangdang customer service did not freeze it in time during the follow-up, and the user suffered a loss of about 1000 yuan.
Subsequently, a Daily Economic News reporter called Dangdang. The relevant officials said that the matter is being followed up and investigated, that the user's account has now been frozen, and that the user has been informed.
In this regard, IT lawyer Zhao Occupation said that when a gift card number and password sent to the user's registered account cannot be used, there are two main possibilities: first, the gift card the site delivered was itself unusable; second, the registered account was stolen, which led to the gift card being stolen. Therefore, Dangdang should compensate for the corresponding losses. At present, some e-commerce companies do not pay enough attention to user account security, and this needs the industry's attention.
User: The account security system has defects
Dangdang user Lin Yu (alias) told the Daily Economic News reporter that on June 6 she bought 10 gift cards of 500 yuan each on Dangdang. At the time of purchase, Dangdang did not clearly indicate whether it would send physical cards or provide the card numbers and passwords electronically, and by June 11 she had not received any physical cards, only the invoices. She immediately called customer service, who said the cards were issued electronically and were delivered to the account, not to her mailbox. Lin finally found the card numbers and passwords of the 10 cards in her account.
Lin then gave the gift card numbers and passwords to colleagues, but something went wrong: the cards could not be used (the card numbers and passwords did not match). Lin hurriedly called Dangdang's customer service department. After receiving the complaint, the customer service staff said the back end showed that the card numbers had already been activated on June 10. Lin said she had not activated them herself; the customer service staff said they would reply later, but no reply followed.
On June 12, Lin called Dangdang again and asked for the already activated card numbers and the account to be frozen to avoid unnecessary losses. The staff member at the time said it could be dealt with first, but as on the previous occasion, nothing followed. When Lin Yu called once more, she was told that the money on the cards had already been used; this was the third day after she discovered the problem.
In this regard, Lin believes that Dangdang, as an e-commerce site, does not have a good security system or security management for monetary transactions, such as asking the user to confirm them. Dangdang's response mechanism is relatively slow, and it cannot follow up on users' requests in a timely way; even when a user reports a stolen account and asks for it to be frozen, Dangdang fails to do so.
Dangdang: Following up and investigating
Lin told the Daily Economic News reporter that 5000 yuan is not a small sum, so she reported the matter to the police. What puzzled her most was that customer service, in communicating with her, also said that this kind of problem is not an isolated case; the only difference is that the amount is larger this time.
In response to Lin's questions, the relevant Dangdang officials said that the matter is being followed up and investigated, that the user's account has now been frozen, and that the user has been informed.
Dangdang further said that, besides freezing the balance of the account, it has set up the Dangdang User Security Center, which shows users the security level of their passwords, and has taken corresponding measures to strengthen user information security. At the same time, it has upgraded its registration and login security monitoring mechanism to curb credential-stuffing ("library brushing") behavior, and it has added to its security team and security facilities to improve overall user information security. The theft in this incident should have been caused by the account being compromised through "library brushing" and has nothing to do with any disclosure of information. User information security bears on users' trust in Dangdang, and Dangdang attaches great importance to it. In addition to the security team and security facilities mentioned above, Dangdang has also set up a dedicated anti-fraud team.
Lawyer: Dangdang should compensate for the corresponding loss
In this regard, Zhao Occupation told the Daily Economic News reporter that when a gift card number and password sent to the user's registered account cannot be used, there are two main possibilities. (1) The gift card the site delivered was itself unusable, which would point to an internal cause; in this case the site did not deliver the gift card as agreed in the order and must bear liability for breach of contract. (2) The user's registered account was stolen, which led to the gift card being stolen and redeemed. First, the site and its users establish a service contract through the user agreement, and the site should take the necessary technical and management measures to protect the security of users' registered accounts; otherwise it should bear liability for breach. Second, the theft of a registered account may be caused by the site's fault, such as failing to fulfil its security obligations so that user information was hacked, but it may also be caused by the user's own negligence. The specific cause is not yet fully clear, and Dangdang needs to investigate and give a clear explanation; if it is the result of the site's fault, this is unlikely to be an isolated case.
Zhao Occupation further said that, whatever caused the user account to be stolen, the website should have acted promptly after receiving the user's complaint to prevent the loss from growing. Moreover, the stolen gift cards have specific numbers and must be spent on the website, so the website is fully able to freeze them. Therefore, the website should be liable for the user's loss, which includes returning the gift cards not yet spent and covering the part already spent.
"The websites still do not take this seriously, or think that investing a large amount of money in maintaining information security is not worth the cost." Zhao Occupation believes that delivering gift cards to the registered account does carry a security risk and that delivering physical cards is comparatively more secure, but delivering physical cards increases logistics costs and makes efficient, timely delivery difficult, which runs counter to the essential nature of e-commerce. So in future, direct delivery of card numbers and passwords should still be the main approach; this places very high information security demands on websites, and at present many sites do not go far enough in this area. A survey by the China Software Testing Center also showed that many websites were still storing passwords in clear text after the disclosure of user data at CSDN (a Chinese online community for developers).
Some insiders believe that Dangdang's failure to state the form in which the cards would be issued did inconvenience users, and that it did not fulfil its obligation to inform. Because the company is relatively large, responses and coordination between departments are slower.
In addition, Yia Jianfang, an online shopping guidance and rights protection expert at the China E-commerce Research Center, said that the Internet is currently in a rather chaotic period and its own level of safety is not high; if companies distribute gift cards in electronic form, they can easily run into hackers and have user information completely exposed.