Trove of China Rail Riders’ Personal Data Leaked Online

china-rail

The Chinese company didn’t confirm the number of travelers affected, but computer security monitoring websites estimated the hack revealed the details of more than 130,000 passengers

’Tis the season, it seems, for unwanted disclosures.

Personal data of travelers on the world’s most populous nation have been illegally leaked into the public domain – right at the start of the ticket-buying rush ahead of China’s massive Lunar New Year migration in February.

User names, passwords and email addresses of train riders in China were stolen from an official railway ticket sales website, www.12306.cn, and are now circulating on the Internet, China Railway Corp. said in a Christmas Day statement on its official microblog. The state rail company blamed the leak on third-party software used by travelers trying to beat online queues. Those who provide the software say it can help users leapfrog others in making online purchases.

“All the leaked information contains plain text, while the information on our website’s database is completely encrypted,” the company said.

The Chinese company didn’t confirm the number of travelers affected, but computer security monitoring websites estimated the hack revealed the details of more than 130,000 passengers….(read more)

China Real Time Report – WSJ

–Chuin-Wei Yap and Kersten Zhang. Follow Chuin-Wei on Twitter @YapCW.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.