Thursday, December 25, 2014

ecns [expanded by feedex.net]: Train ticket website leaks user info

ecns [expanded by feedex.net]

ecns

Train ticket website leaks user info
http://www.ecns.cn/2014/12-26/148223.shtml
Dec 26th 2014, 00:51

2014-12-26 08:51 Global Times Web Editor: Qian Ruisha


Official platform blames third-party sites for breach


China's official online train ticket purchase has come in for criticism following accusations it had leaked users' personal information, in spite of its explanation on Thursday that the leak was caused by third-party websites.


"The user information leaked online all contains non-encrypted passwords, but the information in 12306.cn's database is completely encrypted, which means that data leaked via other websites or channels," China's official train ticket sales website 12306.cn, said in a statement posted on its Sina Weibo.


The statement came after wooyun.org, a domestic Internet security monitoring platform, reported Thursday the leakage of user information from 12306.cn, claiming that leaked information includes usernames, passwords and emails. Wooyun gave the leak its highest risk level.


"The leak contains usernames and maybe even ID card numbers. It may lead to junk messages and even identification fraud," Wu Di, an employee with wooyun.org told the Global Times.


The leak allegations come amid peak ticket season in China, with 60-day advance ticket sales for trips during the Spring Festival, which falls on February 18, recently permitted.


"The longer pre-sale period makes the user information leak more dangerous, because it creates more opportunities for criminals to steal your identity and log on your account to sell the tickets you have already brought," said Ni Chao, an IT engineer and third-party software designer told the Global Times.


As China's only official website for train ticket sales, 12306.cn has been criticized by many passengers. "It crashes when too many people log in and try to get one ticket, which is why third-party software has become popular," said Ni.


Ni said that 12306.cn has an obligation to prevent this kind of leak instead of criticizing third-party software. "It needs to upgrade its system and makes sure this kind of leak won't hurt passengers' interests."


Wu added that there was a chance this leak may have been caused by some hackers who stole users' personal information, using account information acquired during a previous hack.


"It's because of the risk of this kind of leak that [users] should use a more complicated username, especially for important websites, and change their password regularly," said Wu.


The 12306.cn website also suggested in its statement that passengers buy tickets via the official website, and not third-party software or web browsers that allow them to cut ahead of others when snapping up tickets online.





You are receiving this email because you subscribed to this feed at https://blogtrottr.com

If you no longer wish to receive these emails, you can unsubscribe here:
https://blogtrottr.com/unsubscribe/qhG/Zc7fXt

No comments:

Post a Comment