[ISN] Hacker, suspected of 6 million user info leak, detained

From: InfoSec News <alerts_at_private>
Date: Fri, 23 Mar 2012 04:21:31 -0500 (CDT)
http://www.shanghaidaily.com/nsp/National/2012/03/21/Hacker%2Bsuspected%2Bof%2B6%2Bmillion%2Buser%2Binfo%2Bleak%2Bdetained/

By Zhao Wen
ShanghaiDaily.com
2012-3-21

The man suspected of hacking into China's largest website for programmers and 
leaking personal information of over 6 million users last December has been 
detained on charges of illegal acquisition of computer data, the Beijing News 
reported today.

The suspect surnamed Zeng was held in Wenzhou, eastern Zhejiang Province on 
February 4 after Beijing police opened an investigation into the case on 
December 22, the paper said.

The leak, considered the biggest in China's Internet history, occurred on 
December 21 when the personal information of more than 6 million users of the 
China Software Developer Network (CSDN) was exposed on the Internet for free 
downloading.

Police said the leaked information contained user IDs, passwords and e-mail 
addresses in clear text. The leak had rippling effects on other websites, 
including online shopping, gaming, social networking and even financial service 
websites.

Police noticed that most of the leaked data in the case were dated July 2009 to 
July 2010, indicating the CSDN server was hacked before July 2010.

Zeng caught police's attention because he claimed in an online post in 
September 2010 that he gained command of the CSDN database and wanted to 
cooperate with the website, it was reported.

He admitted to hacking into the CSDN server in April 2010 through a system 
loophole and sneaking into an online recharge platform and a stock brokerage 
system.

During the investigation, police also uncovered four other hackers and 
investigation into their illegal activities is still ongoing, the paper said.

After the incident, Beijing police gave CSDN an administrative punishment for 
lacking efforts to safeguard its database. CSDN apologized to its subscribers 
and claimed that its database has been safe since September 2010.


______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill .  It's that easy.
http://www.expandingsecurity.com/PainPill
Received on Fri Mar 23 2012 - 02:21:31 PDT

This archive was generated by hypermail 2.2.0 : Fri Mar 23 2012 - 02:24:01 PDT