Suicide investigation: the 12306 leak? An overrated scare
Bad news spreads.
Yesterday, news of a 12306 leak suddenly broke: a privately circulated file contains 130,000 user accounts, with clear-text passwords, ID card numbers, email addresses, cell phone numbers and other sensitive information. Overnight, people panicked.
12306 subsequently responded that the user information had flowed out through other websites or channels, and denied any involvement in the leak. Is that really so? And if 12306 is not to blame, who is?
Sina Tech decided to launch a suicide investigation:
Since yesterday afternoon, Sina Tech has used the leaked information to reach 80 valid users chosen at random, telephoning them one by one to verify the relevant circumstances and promptly reminding each of them to change their 12306 password.
First of all, we wanted to establish whether these registered 12306 users had used third-party ticketing software.
The results show that, of the 80 users in our survey, only 11 confirmed having booked train tickets with third-party software; most use the official 12306 client or website. Further, approximately 90% of the users polled said they had not recently logged in to the 12306 website, nor used third-party ticketing software.
Judging from this sample, it is difficult to conclude that third-party ticketing software was the source of the leak. Was it then 12306 itself that leaked? Our investigation does not support that conclusion either.
It cannot be denied that the users' phone numbers and names match one to one, so the fidelity of the leaked document is very high. In our survey, however, users told Sina Tech that the password in the leaked list is not their current password. One user explicitly told Sina Tech that they had changed the password at least 1 month ago. Five users' cell phone numbers had been disconnected.
This shows that the leaked user information is certainly not up to date.
More noteworthy is another user. His information is in the leaked 12306 document, and as far as he remembers he has never used third-party ticketing software. He gave us an important lead: his user name and password had been exposed in the earlier “open the door” data leak, and his 12306 account was the only one whose password he did not change after that event.
Based on these findings, we formed a hypothesis: a hacker obtained previously leaked account names and passwords and tried them on 12306; where a user happened to use the same user name and password, the hacker got into the account and then obtained the ID card and phone information. In fact, other institutions later made the same assumption. We mention them below.
So, based on its random sample, Sina Tech draws several general conclusions:
1. Most of the data in the leaked database is real.
2. The database is not up to date.
3. The data was probably obtained, at least in part, through a “collision attack” (credential stuffing): using previously leaked account information to try to log in to the 12306 website, and ultimately obtaining ID card numbers, phone numbers and other information.
4. The scale of the leak may not be large and users do not need to panic, but for security reasons it is recommended that they change their passwords.
In this survey, we also collected some interesting statistics on which third-party ticketing services users rely on. Of the 80 respondents, 11 had used third-party services: 5 used 360's train ticket booking service, 2 used HSR Butler, 2 used Cheetah Browser, 1 used Ctrip, and 1 used Qunar.
The other institutions mentioned above reached the same conclusion, as described below.
The leaked 12306 data includes sensitive fields such as user IDs and passwords, and WooYun found through spot checks that some of the accounts could actually log in. WooYun officials said that, according to analysis by its white hats, the data appears to have been compiled by hackers through a collision attack rather than leaked directly from 12306, and advised users to change their passwords promptly and to be cautious when buying tickets.
The security team at the security company Knownsec told Sina Tech it had reached the same conclusion: the alleged 12306 data breach is actually a “collision attack”.
According to reports, Knownsec randomly drew a number of accounts (about 50), all of which logged in to 12306 successfully, proving that this batch of data is accurate. It randomly contacted multiple QQ users in the batch, all of whom reported that they had not used ticket-grabbing software and had not bought tickets recently. After exchanges with people in the group, the general view is that this batch of data is the proceeds of a collision attack and does not contain all of 12306's data.
Finally, the security researchers matched the data against databases previously leaked on the Internet from 17173, 7k7k, uuu9 and other websites, and found the 131,500 user records in that leaked data, which confirms that all of the data was obtained through a collision attack.
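The matching step described above can be sketched as follows (an added example, not code from the article or from the researchers it cites): each record in a dump is checked against earlier breach corpora, and only an identical user-and-password pair counts as evidence of credential stuffing. The function names, the key, the corpus names and all sample records are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

KEY = b"constructed-analysis-key"  # assumption: a per-investigation secret

def fingerprint(user, password):
    """Keyed hash of a normalized pair, so corpora can be compared without cleartext."""
    ident = user.strip().lower()   # account names compared case-insensitively
    msg = ident.encode() + b"\x00" + password.encode()  # passwords stay case-sensitive
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def index_corpus(records):
    """Return (pair fingerprints, normalized user names) for one earlier breach."""
    records = list(records)
    pairs = {fingerprint(u, p) for u, p in records}
    users = {u.strip().lower() for u, _ in records}
    return pairs, users

def attribute(dump, corpora):
    """Classify dump records as 'pair' (same user+password in an earlier breach),
    'user_only' (known user, different password) or 'unexplained'.
    Returns (verdict counts, hits per source, share of records that are 'pair')."""
    indexed = {name: index_corpus(recs) for name, recs in corpora.items()}
    verdicts, sources = Counter(), Counter()
    for user, password in dump:
        fp, ident = fingerprint(user, password), user.strip().lower()
        hits = [n for n, (pairs, _) in indexed.items() if fp in pairs]
        if hits:
            verdicts["pair"] += 1
            sources.update(hits)
        elif any(ident in users for _, users in indexed.values()):
            verdicts["user_only"] += 1
        else:
            verdicts["unexplained"] += 1
    total = sum(verdicts.values())
    return verdicts, sources, (verdicts["pair"] / total if total else 0.0)

# Constructed sample data, not taken from any real leak.
CORPORA = {
    "earlier_breach_a": [("alice@example.com", "hunter2"), ("bob", "qwerty")],
    "earlier_breach_b": [("Carol@example.com", "letmein"), ("alice@example.com", "hunter2")],
}
DUMP = [
    ("Alice@Example.com", "hunter2"),  # same pair in both earlier breaches
    ("carol@example.com", "letmein"),  # same pair in earlier_breach_b
    ("bob", "n3w-passw0rd"),           # known user, password has changed
    ("dave", "zxcvbn"),                # absent from every earlier corpus
]
```

A dump whose records are almost all 'pair' is consistent with credential stuffing; a large 'unexplained' share points to some other source.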
We do not know whether this has been officially acknowledged. In Sina Tech's survey yesterday, two of the 80 users had received an SMS from 12306 prompting them to change their password, which means that most users did not get the prompt. What kind of user gets prompted by 12306? We cannot find a suitable explanation.
Sina Tech called the 12306 customer service line in Beijing yesterday afternoon. Customer service was evidently already aware of the stir caused by the leak, and told Sina Tech that all registered 12306 users would be prompted to change their passwords and that the operators had been authorized to send the alert SMS, so users would receive it at different times. Obviously, this is more of an excuse than an explanation.
Looking back, the case is worth reflecting on: why did a leak that should not have been overestimated turn into a small panic?
Recall the sequence of events. After WooYun first disclosed the vulnerability, 12306 responded quickly, saying that the user information circulating online had flowed out through other websites or channels. Not only that, 12306 advised in its statement “do not use third-party ticketing software or third-party websites to buy tickets”, implying that the ticketing data breach came from third-party software or websites.
Yesterday afternoon, the third-party software vendors told Sina Tech that they were innocent bystanders caught in the crossfire.
Judging from our analysis and that of other institutions, the leak really does seem to have nothing to do with third parties. To speculate a little further, perhaps this case will set off a new round of regulation of third-party plug-ins and websites. Third-party train ticketing services have been controversial for years; what will happen in the future? Everything is still unknown.