With the advent of big data era of information security challenges. The day before, “Chinese business newspaper” reporter noted in the dark online more than a hacker said the master of multi agency data, including open outcry Henan Zhongyuan consumer finance Limited by Share Ltd (hereinafter referred to as the “China consumer finance”), the borrower data pat loans, loans and many other pleasant Internet Financial platform.
According to the dark online one of the seller, the data including telephone number, identity card is the opposite, contact telephone, part containing consumer goods vouchers, and the corresponding to the borrower by reading the mail list of contact information. Even said “give the company database permissions, send in collection company, all the collection of records.”
“Chinese business daily” reporters try to contact the suspected data being sold on the list, the other are not unusual. Then the data authenticity? Leak source?
Information security has become the hardest hit
The dark net market hangs one called “Henan Zhongyuan consumer finance licensed 400W fresh data, the server continues to update the trading post, which refers to” the Central Plains to the nearest consumer finance founded M1, M2 and M3, two years a total of about 4000000 loan information, including telephone, ID, positive and negative contact telephone “and” the current price of 2000BTC (as of November 29th bitcoin prices equivalent to 58 million 430 thousand yuan), after 10 0.001BTC (equivalent to 29.21 yuan) open price away, turned to the domestic network security company “fishing” database has been taken to a foreign server, after the payment to the link to download the server in the third world. Never be sealed.”
This reporter contacted the consumer finance, the other said early in the 10 days ago, companies in information security routine inspection, the first time that this information, when the company attaches great importance to take for the network system, database server, including the relevant personnel of self-examination, found no abnormalities; also communicate with the report and the Zhengzhou Municipal Public Security Bureau supervisor detachment, I would like to use them to professional and technical support of mining clues, also found no suspicious clues, and invited the top three domestic information security agency, experts drawn on the investigation over the network security, not from the technical analysis found traces of hacking, data acquisition.
“A small number of online information is not dark 4 million, at present, no such a large amount of users, the CBRC has just to carry out routine inspection.” The consumer finance said.
But in 10 months this year, the Central Plains consumer finance manager Zhou Wenlong said the local media company, the number of registered users exceeded 7 million people, of which the real name users reached 5 million, has more than 1 million 900 thousand customers of consumer loan services. The reporter opens the Central Plains consumer finance APP also saw the need to fill in the information for the registered mobile phone number, if you need to use the function to identity card is the opposite of the real name information.
The data content selling information and pleasant loans provided by retailers, including contacts, monthly income, payroll forms, mobile phone, working time, contact address, loan amount and other information, and gives some detailed information. The reporter called the number of the data in the parties, they said the personal information is true, but not in the pleasant credit on borrowed money.
One of the parties said, “when I invested in some P2P products also left the address on my address and phone number, monthly income, working time is right.”
The list of data in a man told reporters: “you say the information is right, this is my address on the ID card, for information leakage reasons I have no clue, the information was leaked this matter I am helpless.”
It is worth noting that the 10 thousand page display data privacy information is true, the source has yet to be verified for $14.74 sold out 5 times.
In this regard, pleasant loans believe there might be two conditions: one is the online public information, our data have been collected by the sale; two other platform is user data leakage, people sold on behalf of pleasant credit user data, due to the presence of the same borrower generally will register more than one platform, these if the data to match the other net loan platform, will also have certain hits, this is not to lead or reasoning pleasant credit data. The report recommended for selling information data, public acceptance, pleasant credit security department will cooperate with the police investigation and evidence collection.
The possibility of leakage of many
So these or “stateless” data sources, what are the odds?
Financial engineers told reporters analyzed, data leakage originated from both a technical database derived from the background, one is derived from the front of business personnel. The disclosure of data level database technology, may be the company technical personnel illegal copy of the data in the database, if there are technical personnel from the production of a copy library company, that security management is not in place; at the same time there may be hacked off the library cause. If there is data leakage, generally speaking, the system will have information security measures, is caused by hacker attacks are not common, but hackers cause the entire database data leakage effect and the result is usually more serious. “The most common market is the business personnel of the customer information disclosure of personal information, export customers, reselling.” The engineers added.
At the same time, pleasant loans also said that the disclosure of the data may have hundreds of different ways, for the existence of “black industry”, exists in the offline channels leaked “temporarily unable to answer. At present, the security department and pleasant credit loan business department repeated investigation and verification, the platform has not found “information leak caused by network attacks”.
At the same time, pat loans also said that after careful investigation, pat the loan does not exist the problem of user data leakage. There are many reasons for data leakage may occur, such as internal staff leaked, external hacker attacks, illegal operations led by individual employees for information disclosure, pat the loan will also take legal means to deal with serious.
(source: China Business News)