NetEase Francisco December 25th message, vulnerability reporting platform cloud vulnerability report released today said that a large number of user data in the Internet 12306 crazy pass, including user account password, identity card, plaintext mailbox, resulting in a large number of user data leakage. Vulnerability reporter said: the new year, a lot of black cattle do not die, just saw 12306 of the data in the spread, even my own sensitive data are."
cloud network report shows that this vulnerability has been handed over by the CNCERT National Internet Emergency center. Cloud network vulnerabilities reported that the data is only in the dissemination of sales, is currently unable to confirm that the official 12306 or third party ticket platform leak. However, some insiders said that the 12306 itself is encrypted stored passwords, it should be the third party software to grab votes leaked. You also don’t get 12306 wrong, wait for the results, but the password is still very necessary. NetEase science and technology continue to follow up the incident. (Xiao Yi)
for the vulnerability report, 12306 website issued an official announcement:
remind passengers on the use of 12306 official website ticket announcement
appeared on the Internet, 12306 site user information crazy pass on the Internet, the report, after careful verification of my site, this leaked information contains all the user’s plaintext password. All of my website database password is a number of non encrypted plaintext conversion code, the user information leaked online department or other channels through the outflow. Currently, the public security organs have been involved in the investigation.
I site solemnly remind the passengers, to ensure the information security of the majority of users, please you through the official website of 12306 tickets, do not use third party software to grab votes ticket, or the third party ticket, to prevent leakage of personal information of your identity.
at the same time, I remind the majority of visitors to the site, part of the third party web site to grab tickets artifact, there are bundled sales insurance function, please note that the majority of visitors.
China Railway Customer Service Center
December 25, 2014