How to treat the 65.438+0.7 billion pieces of information leaked by superstar learning links? If it is true, what harm will it cause to users?

In today's information age, in the face of endless data leakage incidents, countries, enterprises, institutions and individuals should pay more attention to data security and strengthen the protection measures for their own data. Once it is leaked, the bad guys can log in to your account to get more information, and even pretend to be you to do bad things and take away your assets (including virtual assets and real assets).

Network security has a long way to go. It is really common for major websites to be removed from the shelves.

Let's take a look at how many tragic leaks have occurred at home and abroad in just 20 18. I screened and listed familiar companies here, including AcFun, Tong Yuan, Zhu Hua, Facebook and Andema.

Similar events abroad:

1, Facebook

Leakage index: three stars.

Number of leaks: more than 87 million.

Activity time: March 20 18 17.

Event review:

2065438+March 2008, a data analysis company named Cambridge Analytica collected the personal information of 50 million Facebook users through an application, which described the users' personalities, social networks and participation in the platform in detail. Although Cambridge Analytica claims that it only has information about 30 million users, the initial estimate is actually very low after confirmation by Facebook.

20/kloc-in April, 2008, the company informed 87 million users on its platform that their data had been leaked.

Unfortunately, with the in-depth review of Facebook applications, the Cambridge Analytica scandal seems to be just the tip of the iceberg. On June 27th, 20 18, security researcher Inti DeCeukelaire disclosed another application named Nametests.com, which has exposed the information of more than 6,543.8+2 billion users.

2. Andema

Leakage index: four stars.

Number of leaks: 65.438+0.5 billion.

Activity time: 2065438+May 25th, 2008.

Event review:

On March 25th, 20 18, Andema, a famous American sports equipment brand, claimed that the user data of1500,000 MyFitnessPal was leaked. MyFitnessPal is a food and nutrition theme application owned by Andema, which is popular for tracking the calories consumed by users every day, setting exercise goals, integrating data from other sports equipment and sharing exercise results on social platforms.

The company said that the user data affected by the data leakage incident includes user names, e-mail addresses and encrypted passwords, but does not involve private information such as the user's social security number, driver's license number and bank card number.

Domestic:

1、AcFun

Leakage index: two stars.

Number of leaks: 8 million.

Activity time: 2065438+June 2008+April 2008.

Event review:

In the early morning of June 18, ACFUN (Station A), a well-known domestic website, issued the Announcement on User Data Leakage Caused by Hacking Attack in official website, claiming that the website was hacked and nearly ten million pieces of user data were leaked, including user ID, nickname, encryption password and so on.

In fact, as early as March, some people publicly sold AcFun's first-hand user data in the dark network forum, with the number as high as 8 million, and the price was only 1.2 million yuan, with an average of 800 0 yuan available. Before AcFun released this data disclosure announcement, some people in the dark network also peddled their shell and intranet permissions. The main selling points are large amount of data and high daily flow.

2. Tong Yuan

Leakage index: five stars.

Number of leaks: 654.38+0 billion.

Activity time: 2065438+June 08 19.

Event review:

On June 9th, 20 18, a user with ID "f666666" began to sell 10 billion pieces of Tong Yuan's express data on the dark net. The user said that the data sold is the data at the end of 20 14, including the sender's name, telephone number, address and other information.

And users also support users to check the authenticity of data, but the check fee is 0.0 1 bitcoin (about 43 1.98 yuan), and the check data volume is 1 ten thousand. This test data is randomly selected from 65.438 billion pieces of data, and each piece of data is completely different. In other words, users can buy 65.438+billion pieces of personal user information of Tong Yuan Express only by spending 430 yuan RMB, while 65.438+billion pieces of data need 4365.438+0.97 RMB.

3. Check-in information of several hotel chains owned by Zhu Hua.

Leakage index: five stars.

Number of leaks: 500 million.

Activity time: 2065438+August 28th, 2008.

Event review:

The opening information data of several hotel chains owned by Zhu Hua are being sold in secret. The affected hotels include Hanting Hotel, Grand Mercure, Joy, Manxin, Novotel, Mercure, CitiGo, Orange, All Seasons, Starway, Ibis, Yilai, Haiyou, etc., and nearly 500 million pieces of data were leaked!

As can be seen from the screenshots circulated on the Internet, the data information that hackers are currently carrying out is as follows, and there are several big figures worthy of our attention:

(1) Zhu Hua official website registration information, including name, mobile phone number, email address, ID number, login password, etc. ***53G, about 65438+23 million records;

(2) Hotel check-in identity information, including name, ID number, home address, date of birth, internal ID number, ***22.3G, ID information of about 65.438+300 million people;

(3) Hotel opening records, including internal ID account number, HS number, name, card number, mobile phone number, email address, check-in time, check-out time, hotel ID account number, room number, consumption amount, etc. , ***66.2G, about 240 million records.

The integrity of the data is shocking.

The poster claimed that all the data were published from the database on 20 18 and 14, and each part of the data provided 10000 test data. All data are packaged and sold in 8 bitcoins, which is about 370,000 RMB according to the exchange rate of the day. According to media reports, the poster said that the price would be reduced to 1 bitcoin for sale.

According to the researchers, the reason for the leak was that the programmer of Zhu Hua Company uploaded the database connection method and password to GitHub. The database information was transmitted to Github 20 days ago, and the hacker dragged the database 14 days ago. Hackers are likely to use this information to attack and drag libraries.

In today's information age, in the face of endless data leakage incidents, countries, enterprises, institutions and individuals should pay more attention to data security and strengthen the protection measures for their own data.

What harm has the user suffered?

Let's talk about a simple impact: many user passwords are exposed, and many users' passwords may be the same on all platforms. If some websites generally verify that your account can be logged in by others, the bad guys can get more information and even pretend to be you to do bad things and take your assets (including virtual assets and real assets).

Network security has a long way to go!