More users' data hacked

More users' data hacked

Global Times | December 27, 2011 00:25
By Zheng Yi

The registration details of about 40 million users of tianya.cn, a big social networking site, were found to have been leaked on Sunday, following last Thursday's discovery that user information had been leaked from several other websites.

According to Web users, tianya.cn was hacked and some 40 million users' names and passwords were accessed. The details had been stored in clear text format instead of being encrypted, the Chengdu Evening News reported.

A tianya.cn customer service staff member who wished to remain anonymous confirmed the leak and said it was being investigated.

"The released information belongs to users who registered on our website before November 2009, when we saved information in clear text format. After that we started using encryption," she said.

As the old data had not been deleted by tianya.cn in a timely manner, it was accessed and leaked by a hacker, according to the Chengdu Evening News. About 60 percent of all tianya.cn's registered users have had their details leaked.

"We have e-mailed and messaged users informing them that they should change their passwords. We have reported the case to the police and we are doing our best to find the hacker," said the staff member.

Tianya.cn also posted an apology on its website.

Sina Weibo, a Chinese microblogging service, was also suspected to have been hacked with around 4.7 million users' information leaked, but this was denied by Sina Weibo, which claimed in a statement that its user information was saved in encrypted form and had not been stolen by hackers.

Early Thursday, Chinese Software Development Net (CSDN), China's largest online community for computer programmers, was hacked and the details of 6 million users were leaked. CSDN posted an apology on its website.

Fang Binxing, president of the Beijing University of Posts and Telecommunications, and an expert on information security technology, said that leaks are mainly down to websites' poor awareness of the importance of protecting users' data.

"All websites should save users' information in encrypted form rather than clear text," Fang told the Global Times.

Wang Sixin, a law professor at the Communication University of China, agreed. "It shows that many websites in China are not technologically up to date and are inadequately managed," Wang said yesterday.

Those users whose details have been leaked are more likely to be harassed by others so websites must do more to protect their privacy, Wang added.

Sun Chuanzhi, a computer programmer in Liaoning Province, told the Global Times that Web users should change their account names and passwords as soon as possible to try to prevent their private information being used for illegal purposes.