Tencent Inc response, information disclosure and true,
has been repaired
domestic well-known security vulnerabilities monitoring platform 20 announced the report, Tencent QQ group relationship data is leaked, the thunder fast pass can easily find the data download link. According to the QQ number, you can check the name, age, social networking and even a lot of personal experience.
19, 360 laboratory researcher wadibia Internet offensive by the thunder to download, the exposure of the QQ group database, through a simple test to verify the authenticity of the data, the extract up to more than and 90 G, about about 70000000 QQ group, more than 1 billion 200 million parts of the QQ repeat number."
Tencent Inc 20 responded that the QQ group database leaked is true, but this vulnerability is found in 2011, had been repaired in a timely manner, does not affect the normal use of the existing users. At the same time, they are also fully guard against the possibility of reducing the possible damage to the database.
data can reveal the QQ group? Security alliance security experts speculated that the cosine should be exploited by hackers, the Tencent related business loopholes to get access to database, and then find the key to the Tencent or QQ group database, then the overall export. When hackers master the user’s social relationships, you can fully understand the user’s personal situation, the use of social circle of trust relations for fraud, a high success rate."
has been leaked information has been used by a number of sites to carry out precise data marketing
reporter survey found that the QQ group database has been used by a number of websites to carry out spam marketing, have hit the most accurate database cattle". A company called "war China" website sales mass mailing system, the merchant said: "a computer sends 100 thousand marketing e-mail! Super high rate, high open rate!"
reporter survey learned that the information disclosure has formed a complete interest chain behind. These user information or used for gang fraud phishing, or used for precision marketing, and even more to combat competitors.
cloud platform vulnerability founder Fang Xiaodun analysis, user information disclosure has two main reasons: the first is the enterprise initiative to disclose, mainly is the enterprise using the user’s data and information for profit; the other is a business because of the safety management is not perfect, by hackers or internal personnel artificially lead to disclosure of user information, such as leak at present, such as hotel accommodation information users.
Internet security official Meng De pointed out that the majority of security issues cloud report warning, in fact, underground industry has been using the number of months or even years, often to the hacker has no use value, will be released, surfaced.
"fix too late." Meng said that before the user’s personal privacy has been compromised, in addition to actively protect the information security of existing users, but also to prevent the leakage of information may have adverse consequences.