Web security questioned after data leak
Updated: 2011-12-24 08:18
BEIJING - The personal information of more than 6 million Internet users on CSDN, or China Software Developer Network, the country's largest programmers' website, was leaked by hackers, raising concerns about web security and triggering widespread panic.
The leak was first exposed by China's leading anti-virus software provider, Beijing-based Qihoo 360, on Wednesday. The company said the leak included user IDs, passwords and e-mail addresses in clear text.
The hacking case escalated on Thursday after the personal details of subscribers to more websites, including popular online gaming and social networking sites, were leaked.
Online media reports said the personal data of up to 50 million Internet users has been leaked so far, but the number could not be independently verified.
In response, the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) issued a statement Thursday, saying the CSDN's user data bank that leaked on the Internet was created before April 2009 and the passwords were stored in clear text, but the passwords had been encrypted after the data bank was upgraded in April 2009.
"Therefore, similar security problems have not been found in the newest user data bank," the statement said.
Technical experts are investigating how many websites and users were actually involved in the hacking case, said Zhou Yonglin, director of the CNCERT/CC Operating Department.
"False information and exaggerations cannot be ruled out," he said.
Nevertheless, CNCERT/CC has ordered CSDN to take immediate action in repairing the system hazards and providing users with timely security solutions.
Computer security experts at Qihoo 360 believe the leak has spread to other websites.
"Many Internet users have registered the same passwords for their e-mail, microblog, online gaming and online payment accounts, so, if the server of one of the websites is hacked, their accounts and passwords on other websites would also be stolen," said Qihoo 360's Dr. Shi Xiaohong.
Police authorities in Beijing told Xinhua on Friday that an investigation has been launched.
Web security in question
Disgruntled Internet users in China rushed to change their passwords after the leak occurred, the largest of its kind in the history of China's Internet development.
"It is very annoying. I had to spend almost an hour changing the passwords of all my online accounts, especially those for payment accounts," said Li Xing, a white-collar worker at a technical company in Beijing.
"I wouldn't dare register my personal information on the Internet in the future," she said.
In the first half of this year, 217 million Chinese Internet users, or 44.7 percent of the country's total online population, were attacked by malware, including viruses or Trojan horses, and 121 million had the experience of having their accounts or passwords stolen, according to the China Internet Networks Information Center (CNNIC).
Computer experts have advised Internet users against panicking, saying that changing their passwords in a timely manner would prevent their privacy from being violated.
But other experts said changing passwords can only address the symptoms of the problem, not the cause.
"Users should enhance the protection of their personal information by not providing too much real information in online registrations and setting difficult passwords that will be hard for hackers to crack," Zhou Yonglin said.
"Internet operators should strengthen their management, self-discipline, security guarantees and emergency response capabilities," he said.
"The government should attach great importance to new security issues arising from the application of various new technologies and intensify the crackdown on illegal industry chains," he said.
Earlier this week, authorities in Beijing, Guangzhou and Shenzhen launched an Internet supervision measure requiring local microblog operators to implement real-name registration requirements for users, a move designed to curb online rumors and enhance social credibility.
It is not immediately clear whether the latest information leak will affect the Internet supervision measure.
China has the world's largest online population, with the number of Internet users reaching 485 million by the end of June this year, CNNIC figures show.
Also Friday, the State Council, or China's Cabinet, announced that the government will accelerate the development of the next-generation Internet industry in the next few years and boost the sector's role in stimulating the economy.
Network and information security protection will be strengthened so as to comprehensively improve the safety and credibility of the next-generation Internet industry, according to a statement released after an executive meeting of the State Council presided over by Premier Wen Jiabao.
"We are also in dire need of speeding up information security legislation in order to perfect the web security system and strictly carry out the responsibility system," Shi Xiaohong of Qihoo 360 said.