Jingdong 12G user data leaked! Secret behind the black industry chain

Jingdong’s responding users did not seem to be buying it. In fact, this is not the first time Jingdong has experienced user data leakage. Behind it, it reflects the increasingly complete, well-distributed data-selling black industry chain.

Recently, according to media reports, a 12G data package appeared on the black market, including user name, password, mailbox QQ number, phone number, ID card and other dimensions, with tens of millions of data. Both the buyers and sellers of the black market said, "These data come from JD." According to reports, BOE said that it was urgently verifying the authenticity of the data.

Earlier this morning, the Jingdong Blackboard newspaper issued a response statement saying that, based on preliminary judgment, the data originated from the 2013 vulnerability issue of Struts 2. After the security problem of Struts 2 occurred, the system repair was completed quickly, and the security upgrade prompt was issued for users who may have information security risks. Most of the users affected by this time also upgraded the account security. "But there are still very few users who have not upgraded their accounts in time, and there are still some risks."

Jingdong also said that users are strongly advised to attach great importance to information security and privacy protection, use unique user names and login passwords in e-commerce and payment systems involving property, open mobile phone authentication and payment passwords, and set login passwords and payment passwords. Improve the account security level for high-intensity complex passwords.

However, Jingdong’s responding users did not seem to buy it. On Weibo, “Jingdong user data was leaked” quickly went to the microblogging hot search list. Under Jingdong’s official Weibo, users voiced a lot of voices. Some netizens said that Jingdong’s response did not solve the problem, but shirked responsibility. "I give the translation, the first paragraph, this is not my business. In the second paragraph, security is the user's business. Not only is there something wrong with my family, it is not a problem with my family."

Netizen "campus channel operation" said, "I found that Jingdong's account was leaked, and Jingdong complained, Jingdong replied that his system is very safe. This time it was really Jingdong's slap in the face."

Jingdong 12G user data leaked! Secret behind the black industry chain

Jingdong has repeatedly revealed user data

According to a financial report, the relevant person said that the time for data leakage has been relatively long. As for why it is now circulated, the reason is unknown. It is difficult to confirm whether it is "inner ghost" or "hacking." In fact, this is not the first time that Jingdong has experienced data leakage.

On the eve of 2015, Jingdong was exposed that a large number of user privacy information was leaked. At that time, Jingdong’s response was that the users used the same registration information (username and password) and were used by lawless elements to swindle after being leaked by other criminals.

The public opinion at the time did not buy the explanation for JD. Some media questioned that if the real e-commerce website did not reveal the theft of user information at the same time, it was essentially because Jingdong was unwilling to admit that there was a "security loophole" problem.

The follow-up of this storm ended in a social news in April this year. The Legal Evening News reported that three employees of Jingdong Mall had gone through the company's database system and illegally obtained 9131 personal information of Jingdong Mall customers and sold them to telephone fraud criminals. According to reports, the three people illegally gained nearly 40,000 yuan.

After the case was publicly disclosed, it also revealed an astonishing detail: the customer information system of Jingdong Mall, the three people involved in the case did not have the right to log in. However, according to reports, Jingdong Mall has a case where the login ID and password of the employee who has the system login permission are "shared and used" by other employees who do not have the system login authority.

Prior to this, Jingdong’s rumors of user information disclosure continued. In February 2014, some netizens broke the news on Sina Weibo, saying that the Jingdong user database data was leaked, and it is recommended that people with funds in the account be dealt with as soon as possible.

On December 27, 2011, WooYun.org broke the loophole of user data leakage in Jingdong Mall, and a large number of user accounts and passwords were made public.

Black industry chain for data trafficking

With the increasing popularity of the Internet, data breaches have become the norm for Internet security issues. The e-commerce online reporter learned from an industry insider who did not want to be named that the chain of network black production is complete, the division of labor is sophisticated, and the information on public sales accounts is becoming more and more common.

In this gray chain, there are three links: data providers and data brokers and data buyers. There are two sources of these data. On the one hand, hackers use system vulnerabilities to obtain, on the other hand, they are reselling data. On the eve of 2015, Jingdong’s leaks were caused by internal violations.

The buyers of the data are also of different purposes. There are some similar business platforms, which will purchase these leaked user data for the sake of edm promotion. Some telecom fraud parties will look at the data and impersonate the platform to deceive consumers because they can accurately report relevant information. Consumers usually Will reduce vigilance.

These data are usually reversed many times, the price is not the same, the previous three Jingdong employees who sold 9313 Jingdong users have illegally earned nearly 40,000 yuan.

Li Shaopeng, editor-in-chief of the security cow, said that data can be classified according to its value, and it is more likely to be filtered through layers. Data that includes the user's payment information, credit card, and bank account information is more valuable.

Whether the Internet company encounters a drag or crash, personal privacy data is facing an increasing risk of disclosure. Industry insiders suggest that when registering Internet services, individuals should not fill in too much personal information, and try not to set other Internet service accounts to the same password.

Digital Signage

Digital signage includes digital signage hardware, digital signage solutions, information cloud publishing systems, LCD screens, touch screens and other advertising display equipment. JMSX digital signage is widely used in shopping malls, restaurants, churches, enterprises and other places.

digital signage software,digital signage solutions,digital signage board,digital signage hardware,electric signage,digital signage media player

Jumei Video(Shenzhen)Co.,Ltd , https://www.jmsxdisplay.com