Trove of China Rail Riders’ Personal Data Leaked OnlinePosted: December 28, 2014
The Chinese company didn’t confirm the number of travelers affected, but computer security monitoring websites estimated the hack revealed the details of more than 130,000 passengers
’Tis the season, it seems, for unwanted disclosures.
Personal data of travelers on the world’s most populous nation have been illegally leaked into the public domain – right at the start of the ticket-buying rush ahead of China’s massive Lunar New Year migration in February.
User names, passwords and email addresses of train riders in China were stolen from an official railway ticket sales website, www.12306.cn, and are now circulating on the Internet, China Railway Corp. said in a Christmas Day statement on its official microblog. The state rail company blamed the leak on third-party software used by travelers trying to beat online queues. Those who provide the software say it can help users leapfrog others in making online purchases.
“All the leaked information contains plain text, while the information on our website’s database is completely encrypted,” the company said.
–Chuin-Wei Yap and Kersten Zhang. Follow Chuin-Wei on Twitter @YapCW.