Vulnerability still not patched? User data leaked on the official 12306 website

2017-04-21 18:59:19

IDC Review Network (idcps.com) reported on April 21: this afternoon, a reporter found that on the official 12306 ticketing website, after logging in with a personal account, the page automatically logged in to another account, and the personal information associated with that account, including ID number and contact details, was visible. When the reporter then clicked the frequent contacts option, the page refreshed again and displayed all the information held under that account and others.

The reporter then tried the user account information page and other options on the site's account page; each click returned a different person's identity information.

The reporter then called 12306 official customer service to ask whether user information had been leaked. The customer service staff said that the system was currently operating normally and that there had been no attack or leak, but that the reason the system had disclosed account information was not clear.

As of about 5:00 pm, the reporter logged in to the official 12306 website again; after logging out and logging back in, the page displayed normally.

Earlier, on December 25, 2014, the WooYun vulnerability reporting platform published a report on a user data leakage vulnerability in the 12306 site. As a result, data on a large number of 12306 users spread across the network, including user accounts, passwords, ID card numbers, email addresses and other information.

The China Railway Customer Service Center responded to the WooYun disclosure at the time: "The leaked information contains users' passwords in plaintext, whereas all user passwords in our website's database are non-plaintext conversion codes that have been encrypted multiple times; the user information leaked online flowed out through other websites or channels." The public security authorities subsequently became involved in the investigation.

Afterwards, the China Railway Customer Service Center also reminded passengers that, to protect the information security of its users, they should buy tickets through the official website and should not use third-party ticket-grabbing software or third-party ticket agents, in order to prevent leakage of their personal identity information. It also advised passengers who do grab tickets to be careful with ticket-grabbing tools developed by third-party websites, so that personal information is not disclosed through bundled insurance sales.

User data on the 12306 site has leaked again. Is this a system bug, or has the site's user data leakage vulnerability still not been patched? Although the cause is not yet known, we hope that the China Railway Customer Service Center will actively improve the site's user data security functions.