Last week, China's largest software programmers' Web site CSDN (China Software Developer Network) was hacked, and account information for more than 6 million users was leaked and quickly spread via the Internet. One day later, Tianya, the biggest Chinese online forum, was reportedly hacked for the account information of 40 million users. This cyber attack has continued, with several well-known sites like the Duowan game, the 7k7k game, the e-commerce sites 360buy and Dangdang, some popular social networking and dating sites being hacked and user data leaked. Some sites' databases have been published on the Internet and can be easily downloaded.
Part of the CSDN leaked database download is shown here:
This incident is the largest data leak ever in China. The public databases contained personal account information, including user names, passwords, and email addresses. This data leak has caused great concern among millions of Chinese "netizens," especially those who use the same user name and password to access multiple Web sites. Clearly, this practice increases risk for these users, as criminals can easily use information from 1 account to log in to a user's other accounts to obtain even banking information.
CSDN and Tianya have since admitted that a user account data leak occurred, but the root cause and scale of the leaks are still under investigation. Both organizations have issued public apologies to users and urged them to change their passwords immediately. They have also asked the police for help.
A contributing factor to the severity of the data leaks is that much of the user information stored in the companies' databases was in plain text with no encryption. CSDN has admitted that old passwords in a backup file were saved in plain text until the year 2009, when they started to encrypt all user information. Unfortunately, the plain text personal data leaked to criminals affected millions of users and will certainly raise great concerns about Web security in the future.
In an analysis of this data leak, some experts conclude that it was the result of a professional hacker attack technique called "Drag Database." In this technique, hackers first try to exploit the vulnerabilities of a target site. They then inject a Trojan to compromise the site and get the administrator authority to export the user database table, which they either store for future use or upload to the Internet for others to download. This underground industry can earn huge profits for hackers.
This incident taught a profound lesson to both the Internet industry and individual Internet users. Users should enhance the protection of their personal account information by setting complicated passwords that are hard to crack and changing those passwords regularly. Internet companies should strengthen their user data management, and improve security guarantees and emergency response capabilities.
Websense made five predictions for security trends in the year 2011, and this huge data leak exactly matched the third prediction in that list:
Prediction #3: Status update: More corporate data breaches will occur over social media channels.
Search poisoning won’t be limited to Google, it will migrate to Facebook. Hackers will manipulate Facebook search algorithms to trick users into visiting fake brand and celebrity pages and increase exposure to malware.
Employees will post confidential corporate data to public pages.
Social media users will also be vulnerable to spam and malicious data-stealing content.
Websense security products can protected customers from this kind of data leakage incidents through our DLP(Data Loss Prevention) technology and TRITON™ solutions.