BreachExchange mailing list archives
Hacker, suspected of 6 million user info leak, detained
From: security curmudgeon <jericho () attrition org>
Date: Fri, 23 Mar 2012 13:05:24 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.shanghaidaily.com/nsp/National/2012/03/21/Hacker%2Bsuspected%2Bof%2B6%2Bmillion%2Buser%2Binfo%2Bleak%2Bdetained/ By Zhao Wen ShanghaiDaily.com 2012-3-21 The man suspected of hacking into China's largest website for programmers and leaking personal information of over 6 million users last December has been detained on charges of illegal acquisition of computer data, the Beijing News reported today. The suspect surnamed Zeng was held in Wenzhou, eastern Zhejiang Province on February 4 after Beijing police opened an investigation into the case on December 22, the paper said. The leak, considered the biggest in China's Internet history, occurred on December 21 when the personal information of more than 6 million users of the China Software Developer Network (CSDN) was exposed on the Internet for free downloading. Police said the leaked information contained user IDs, passwords and e-mail addresses in clear text. The leak had rippling effects on other websites, including online shopping, gaming, social networking and even financial service websites. Police noticed that most of the leaked data in the case were dated July 2009 to July 2010, indicating the CSDN server was hacked before July 2010. Zeng caught police's attention because he claimed in an online post in September 2010 that he gained command of the CSDN database and wanted to cooperate with the website, it was reported. He admitted to hacking into the CSDN server in April 2010 through a system loophole and sneaking into an online recharge platform and a stock brokerage system. During the investigation, police also uncovered four other hackers and investigation into their illegal activities is still ongoing, the paper said. After the incident, Beijing police gave CSDN an administrative punishment for lacking efforts to safeguard its database. CSDN apologized to its subscribers and claimed that its database has been safe since September 2010. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Hacker, suspected of 6 million user info leak, detained security curmudgeon (Mar 23)