100m users exposed in hacks of popular Chinese sites
Chinese Internet users are getting a taste of what users in the Western world have already become accustomed to: changing their online passwords and fearing that their credit card and other personal and financial information was stolen and will be misused by cyber crooks.
A number of internet forums, social networking and online gaming sites and others have apparently had their databases containing customers’ information compromised through a series of attacks and leaked online.
According to Caixin, the first breach was revealed by security company Qihoo 360, which discovered that a list containing over 6 million user IDs, passwords and email addresses belonging to the users of the China Software Developer Network (CSDN) was circulating online.
In the following days, user account information pilfered from many other sites was discovered, including those of users of social networking sites Renren and Kaixin001, microblog platform and Twitter competition Sina Weibo, online gaming sites 17173.com and duowan.com, and Internet forum Tianya. It seems that over 100 million Internet usernames, passwords and emails have been compromised in total.
Some of the sites such as CSDN have confirmed the breach and urged its users to change their passwords, while Sina Weibo denied that the alleged list of passwords belonging to its users is legitimate, since the company keeps them encrypted.
Qihoo 360’s Vice President Shi Xiaohong has blamed the companies behind the sites for the catastrophic results of the breaches, since most of them obviously do not encrypt sensitive information of its customers.
The sentiment was echoed by China’s Ministry of Industry and Information Technology (MIIT), who immediately mounted an investigation into the (alleged) breaches and asked the companies for their cooperation.
But, it seems that Chinese companies are only partly to blame for the leaks. According to law experts, China could definitely do with more specific laws regulating the protection of user information, as current ones are “impractical to use.”