"Shop No. 1th" and other users information leaked Internet security problems were tortured

Internet security has been a subject of concern to the media and users, recently, "store 1th" and other user information has been leaked, internet security issues have come into the public eye again, faced with questioning and torture. From a "Store No. 1th" 900,000 full field of user information, the "Daily economic news" reporter on the above user information to one by one validation, the results show that most of the user data is true information.

It legal person Zhao occupation says this relates to the security issue of "store 1th" customer account funds.

$500 Sale 900,000 user information

last night, the Daily economic news reporter contacted the Twitter users to "get kicked" to sell the user information sellers. The seller said that he currently has "store No. 1th" As of July 2011 900,000 full field of user information, including mobile phone, order Amount, address, mailbox and so on, the price is 500 yuan.

The seller told the reporter that his price has been very cheap, if not urgently, it will not be so cheap. He said reporters can inquire, compared to other sellers out of the 3000 yuan ~5000 yuan Price, the price has been very cheap. In order to show that the data is true, the seller sent a copy of the user information to the reporter, the information is very comprehensive.

"Shop 1th" PR director Liang Yan in the "Daily economic news" reporter interview, said that the user information was leaked, "shop 1th" has been in the internal investigation, specific reasons for the unknown. "Shop No. 1th" has also made a report with the relevant parties, there will be staff to investigate.

Liang Yan says "store 1th" is freezing accounts for the amount of users. Once the system found that the amount of its account, the first time will be frozen processing, and then prompts the user to verify identity. The user's account information is unfrozen after the user resets the password and resets the mailbox.

Leaking data to users narrowly cheat

"shop 1th" Ms. Zou, has experienced an information leakage storm.

Ms. Zou told the Daily economic news reporter, she on March 11 in "Store 1th" to help friends to purchase goods, at that time did not know the detailed address, wrote a "Monday fill in", in the absence of payment, "Shop No. 1th" This order has not been effective. March 12, Ms. Zou continued unfinished orders to pay but forgot to fill in the detailed address, is still "Monday fill in."

Because the address was not filled out at the time, the final delivery is with the courier to communicate the detailed address, the goods will be delivered to friends. Ms. Zou added.

Two months later, Ms. Zou's friend on May 22, received claiming to be "Shop No. 1th" Customer service phone call, said by Ms. Yu Yu before "shop 1th" consumption, to send a VIP membership card. However, "Store No. 1th" recorded the address is "Monday fill in", I hope that Ms. Zou's friends to tell the details of the address to customer serviceTo send gifts.

Ms. Zou's friend did not realize the user information leak, so he told the details of the address. May 23, Ms. Zou's friends are outside the office, courier staff will be sent to the company, colleagues to help their behalf of the "cod" 298 yuan. Zou Lady's friend back to the company, immediately and "1th shop" customer service contact. Because the "customer service" did not say that the need to pay, however, "shop 1th" customer service told him that he did not give VIP membership card activities, but no goods to pay the gift, Zou Lady's friends know cheated.

May 23, Ms. Zou and her friends call "Shop No. 1th" Customer service, hope to be able to beg for a statement but not fruit. Subsequently, Ms. Zou's friend emergency contact Carrier Express Company, with the help of The courier company, May 24 recovery was cheated 298 yuan.

Ms. Zou said that the friend's message must have leaked out of "store 1th". Because, only in "Shop No. 1th" When shopping, fill in the wrong address to "fill in Monday." "Shop No. 1th" has not been said, and has not contacted her.

In this respect, Liang Yan said it was not aware of the need to verify with the relevant departments.

Electric Business enterprise without fault to be self-certified

"No. 1th Shop" Things are more special, involving the security of the account funds raised. "It legal personage Zhao Occupation said, the electric business enterprise and the user through the user Agreement established the Service contract relations, the electric Business enterprise needs to fulfill the basic information security guarantee duty." Failure to fulfill these obligations leads to the theft of the user's registered account and shall be liable for breach of contract.

Zhao Occupation said that the funds in the registered account need to take more stringent security measures, such as mobile phone binding verification, funds to extract the original way back, otherwise need further verification and so on.

He said that legally, the theft of accounts and funds of the illegal elements bear the direct legal responsibility, and the site is responsible, mainly to see whether the above mentioned obligations, whether there is fault in this respect, mainly rely on the electricity business enterprise proof.

Zhao Occupation believes that Ms. Zou is involved in the crime of fraud, the website is responsible, mainly to see whether there is fault, whether the basic security measures taken. For example, firewall, encryption to save user data, security protection level is in line with the legal provisions and so on. Because users do not have the means to come up with such evidence, but also need to have a website self-certification without fault.