Origin / Wind information
Recently, china live hotel group is exploded the Chinese front courtyard, orange, entire season hotel below the banner opens room information to reveal sale. Explode makings say, data divulges limits to include: Government-owned net registers a data to make an appointment with 123 million records; Enter information of the identity that register to make an appointment with 130 million; The hotel opens a room to record about 240 million.
This leak amount is huge, the history is divulged in public hotel information in unprecedented, can weighs Internet history on incident of the most large-scale leak.
And release according to center of 360 minatory information " information of orgnaization of 2017 politics look forward to divulges a situation to analyse a report " show, according to calculating, came in January 2017 only in October, domestic website may divulge information in all 5.12 billion, the information that divulges everyday that is to say amounts to 17.07 million.
How is our data revealed? Who still divulged our information?
"History go up incident of the most large-scale leak "Basis " daily economy news " report, 28 days, small letter platform circulates a piece of hacker sells China live the check scheme of data of hotel group client, show among them, china live store of banner go with wine opens a room to record doubt to be like divulge, have sale in blackmarket. Involve hotel limits to include: of Chinese front courtyard, beautiful the rank of nobility, happiness, Nuo is rich Cheng of special, beautiful house, CitiGO, orange, entire season, star, appropriate needs Sai Shangpin, appropriate needs think of, happy Lai, sea is friendly.
The content that divulge involves many privacy information, add up to is close 500 million, of complete information bale valence is 8 bit money, or 520 collect money (add up to a RMB about 380 thousand yuan) . Sell the home to still say, the cut-off of above data information time is on August 14, 2018. Sale information is material include 3 much:
One, government-owned net registers a data: Date of full name, mobile phone, mailbox, Id date, entry password, in all 53G, make an appointment with 123 million records.
2, enter information of the identity that register: Date of full name, Id date, home address, birthday, in-house ID, in all 22.3G, about 130 million.
3, the hotel opens house notes: Number of in-house ID date, chummery correlation date, full name, card, mobile phone date, mailbox, enter time, leave amount of date of ID of time, hotel, room date, consumption to wait, in all 66.2G, about 240 million.
28 days afternoon, china live the group is like information to divulge incident to release official statement to say with respect to doubt:
28 days, a large number of users appear on the network, travel from media " sell China live data of inn of banner go with wine " message, cause extremely abominable public opinion effect. My group takes seriously very much, already interiorly is begun quickly check, ensure guest information is safe; My group already call the police for a short while, public security mechanism is launching investigation; My group also invited professional technology company to go up to the net hawk " relevant individual information " whether to originate China live the group undertakes checking. Listen to face up to, state as follows especially:
One, hawk, transmission individual information, violate state law, the clue is serious will make crime. No matter whether relevant individual information originates on the network China live, whether to belong to do sth without authorization to transmit individual information to all make crime, ask relevant behavior person to stop the transmission, illegal behavior that hawks individual information to confess his crime to a criminal give himself up to the police of public security mechanism instantly.
2, platform of relevant network user, network is deleted instantly and stop to disseminate afore-mentioned information please.
3, China live the right that group reservation investigates duty of relevant infringer law.
28 days afternoon, substation of long peaceful public security receives Shanghai China live group operation controller signs up for counter scale, somebody is hawked in the website outside the condition China live data of inn of banner go with wine, user information doubt is divulged, the company already started interior to be checked oneself, police gets involved namely investigation. Police expresses, will severe from beginning to end blow is gotten illegally, buying and selling, exchange, offer the illegal criminality such as citizen individual information, cogent protection citizen closes right increase, those who master citizen individual information is enterprise or business unit, answer to fulfil main body responsibility strictly, increase information to defend safely strength.
The personage inside course of study says, this leak amount is huge, the history is divulged in public hotel information in unprecedented, can weighs Internet history on incident of the most large-scale leak.
China live 3 times to divulge client informationHave public figure of many network security trade to " finance and economics " reporter evaluation says, china live big probability of be related of hotel data leak is belonged to solid, and, they still identify amount to to occupy leak may be not hacker technology measure to have many brillant, however because have " inside ghost " divulge pertinent information actively.
The hacker claims to was opposite on August 14 China live the hotel undertakes a database " take off a library " (hacker term, meaning be about to all number in the database leave according to all pilfer) , but discovery of trade public figure, about 20 days ago, somebody uploaded the database of website of China of elegant tall hotel already actively on Github of community opening a source to configure a file, this file included database of elegant tall hotel IP, port, administrator Zhang date and password.
France is elegant high group is China live the long-term strategy partner of the group, both sides formed an alliance 2014, change by China stay in beauty of the brand below responsible elegant Gao Qi rich special, beautiful house, appropriate thinks of the rank of nobility, Nuo surely Shang Pinhe appropriate thinks of what the brand is in China to manage surely with development. Among them, some appropriate thinks of hotel China to join in business once resented for a time surely this kind of arrangement, bargaining of Xiang Yagao hotel not fruit is backward the court offers the arbitration, interfacial news once still had reported this matter 2016.
From afore-mentioned databases configuration library file can see, database of elegant tall hotel visits an address to be Http://119.3.25.176, zhang date is " Root " , the password is " 123456 " .
" finance and economics " reporter test and verify afore-mentioned information. IP address logs onto a website to interior of elegant high group, but user name and password already invalidation.
Actually, leaf through China the record that live, divulge client information more than.
On October 10, 2013, once domestic safe flaw monitors platform " black clouds " release a report to say, chinese front courtyard (China live predecessor) the client opens a room to because be divulged by tripartite memory and systematic flaw,be recorded, information is complete recorded the Id that enters hotel guest, enter the privacy information such as the time, room number that joins.
2015, safety of flaw box platform reports, orange hotel (hind by China live buy) put in serious and safe flaw, the take in everything in a glance of information opening a room such as lodger full name, phone, still can undertake revise and cancelling to hotel order.
Have 17.07 million records everyday by pilferCome a few this years, individual information divulges a circumstance very common.
Safety of network of the Ministry of Public Security is guarded bureau chief engineer Guo Qiquan is being accepted before this " economic reference signs up for " when interviewing, express, the network highlights show security of level big data most in safe problem, also be most as close together as citizen individual relation. Its can affect national security, politics safety, military affairs safety not only, the life that still can affect company business interest, citizen is safe.
Guo opens full name, punish of big data security is the countrywide network safety that our country near future is beginning the serious content in executing the law to examine the action greatly, this also is bring into big data security examination object first, the protection that is aimed at citizen individual information especially will be the Chongzhongzhi that execute the law is weighed.
Dimensions of current China netizen already amounted to several people, the assemble of big data increased the risk that citizen individual information and privacy data information divulge inevitably. This giant network group is everyday on the net mail of cost of shop merchandise, pay, hair, chat, access a data to wait a moment, should be illicit secret information more very originally among them, but be collected by partial enterprise or individual actually, associated even analysis and mining give citizen individual identity, account, position, contrail to wait sensitive or privacy information.
Guo Qiquan points out, it is big on one hand after data set is medium, to illegal interest charge, filch a large number of information offerred advantage, on the other hand, it is relevant enterprise hits edge ball to obtain data, gather citizen individual information, allow a picture illegally to user essence. His citing says, undertake shopping in some platform, big data technology can pass the network activity of people to gather information, the real time location that searchs software of trace, mobile phone like number of the identity information of mobile phone user, mobile phone, address, network and social trends.
As the addition that information experience net measures, data divulges a problem to jump over an invention to show. Xinhua News Agency ever reported say, according to 360 menace information center releases " information of orgnaization of 2017 politics look forward to divulges a situation to analyse a report " show, according to calculating, came in January 2017 only in October, domestic website may divulge information in all 5.12 billion, the information that divulges everyday that is to say amounts to 17.07 million.
Super- suffer the person that visit to ever encountered individual information reveals a problem most probablyThe mobile phone is we use most electronic product at present, mobile phone APP is one of important channel that divulge individual information. On August 29, in disappear assist release a App individual information to divulge case findings report to show, APP already divulged heavy disaster area into individual information.
Among them, have super- suffer the person that visit to ever encountered individual information reveals a problem most probably, after individual information divulges, common problem has: Promote phone or short message to annoy, receive bilk telephone call, receive rubbish mail to wait.
Whether had encountered individual information to divulge a circumstance
After consumer individual information is divulged, of about 86.5% suffer the person that visit to ever received those who promote phone or short message to annoy, of about 75.0% suffer the person that visit to receive bilk telephone call, of about 63.4% suffer the person that visit to get rubbish mail, before the rank ranks 3. In addition, the part suffers the person that visit to ever received illegal information to wait like illegal link, have more very person password of occurrence individual account by the problem of pilfer.
Individual information reveals expressional pattern
According to findings, the main avenue that individual information divulges is operator agrees to gather individual information without oneself, 62.2% what take investigation total sample about; 2 it is operator or illegal element are divulged intentionally, sell or provide individual information illegally to other, 60.6% what take investigation total sample about, network service system is put flaw causes individual information to divulge 57.4% . Still illegal element waits for information of individual of method purloin, diddle and operator to collect unnecessary individual information to be occupied respectively through website of trojan virus, fishing 34.4% with 26.2% .
Individual information reveals an approach
After information is divulged, the problem with the afraidest consumer is to be used to undertake bilk filch activity; Traffic or exchange tripartite; Perhaps be promoted advertisement is annoyed.
Findings shows, this and individual safety consciousness are thin and do not superintend reach the designated position having affinity. Above all, when the user is being installed and using mobile phone APP, very few somebody reads applied attributive and user agreement or privacy policy, now and then the person that read and never read is in the majority. Always read occupy 18.1% , often read 8.2% , read sometimes 16.4% , now and then read 31.2% , never read 26.2% .
Read the rate that uses attributive and user agreement or privacy policy
Do not read be not consumer to pay no attention to accredit clause really, just be in a few software not below the premise that accredit cannot use, careful reading sense may be not great.
In occupy than 26.2% never read applied attributive and user agreement or privacy policy in sufferring the person that visit, choice never because,reading reason basically is not accredit does not have a law to use, can be forced to accept only, occupy 61.2% . Returning those who have 22.2% to suffer the person that visit is the accredit that stems from pair of App operation business, 16.6% suffer the person that visit to think content of App user agreement very much the same.
To mobile phone APP, the most zealous is to get the position and contact information. The report says, read taking positional information attributive and visit contact limits of authority is the situation is encountered when installation and APP of use mobile phone most, occupy respectively 86.8% with 62.3% . Suffer the person that visit to be read to take by the requirement communicate record attributive (47.5%) , read take a short message to record attributive (39.3%) , open photograph attributive resembling a head (attributive of recording of 39.3%) , mike (the scale of 24.6%) is relative also taller.
Installation and APP of use mobile phone need gotten limits of authority
In the meantime, the report thinks, the safe protection consciousness of individual information is thin and relevant do not superintend reaching the designated position is to suffer the person that visit to think information of occurrence individual of mobile phone App is safe the reason with the mainest problem, scale is respectively 64.0% with 57.3% . Relevant law is not perfect (39.3%) , obtain evidence cost of authority of difficult, dimension is high (24.6%) , dimension authority consciousness is not strong (19.6%) , the industry lacks self-discipline (18.0%) also is to bring about the main reason of problem of safety of information of occurrence individual of mobile phone App.
Expert: Corresponding company needs to bear legal responsibilityIn view of this, chinese consumer society suggests, when consumer is choosing to use mobile phone App, ought to accomplish " 4 attentions " : It is to should notice to choose safety to add up to the Wu of App product kimono of compasses, choose normal and effective medium of communication to undertake downloading installing; 2 it is the applied attributive that should notice to read App seriously and user agreement or privacy policy specification, understanding operates a note; 3 it is to should notice to breed good use convention, be not opened at will and agree with unessential to read take limits of authority, do not input individual privacy information at will, be safeguarded regularly and clear relevant data; 4 it is the problem that should notice to answer individual privacy information to be divulged seriously, discover individual information is divulged when the problem, should adopt significant measure seasonable and active thought fors the time being, mirror to concerned branch when necessary, let more consumer avoid suffer its to kill.
Actually, include mobile phone APP and less than of hotel room information, country cruel torture punishs nowadays individual data business.
In recent years, procuratorate of court of standing committee of countrywide National People's Congress, top people, top people, the Ministry of Public Security announced early or late " the decision that protects about strengthening network news " " about penalizing lawfully information of individual of enroach on citizen commits a crime mobile announcement " etc, " network safety law " also carried out in the whole nation in June 2017. "Get illegally, sell or provide the content of track contrail information, communication, information that sign a letter, property information 50 can enter punishment " .
These legal laws and regulations make clear a regulation, any organizations and individual do not get filch to perhaps get information of citizen individual electron with other and illegal means, must not sell or provide information of citizen individual electron illegally to other.
Zhou Xuliang of Beijing attorney office's lawyer thinks, if China live relevant personnel traffics hotel data check to belong to solid, because involved data of on 100 million users, this behavior already made the case with particularly severe clue, relevant personnel may is in because of be suspected of violating crime of citizen individual information with 3 years of above 7 years of the following set term of imprisonments.
Look from the responsibility of the hotel, consumer goes the hotel is entered, form contract concern with the hotel. " contract law " set the 92nd times to there is confidential obligation between contract both sides. The hotel is custodial without appropriate consumer information, cause divulge, the agree carries responsibility of breach of contract. Beijing is filled with division (Hangzhou) Fang Chaojiang of attorney office solicitor expresses, this incident needs to consider from two respects, above all to China live for the group the circumstance that information divulges existence to differ, whether should need assume corresponding responsibility according to divulging reason differentiate hotel; Be in in light of the angle that counterpoises from consumer dimension next whether is there still certain difficulty on the quote of fall victim, and chasing after duty who assumes responsibility to also need to divide and be talked in the process.
"The circumstance that if appear to reveal data from office staff,inside and outside of on-the-job perhaps employee cooperates, belong to hotel interior to manage existence flaw, need assumes corresponding responsibility, " his explanation says, another kind of circumstance, when when the information management system that encounters a hotel occurrence flaw is inbreaked by the hacker, if maintain an enterprise to did not give the protection that with its dimensions photograph matchs to need to assume corresponding responsibility, conversely the enterprise also is fall victim square. "Picture China the group company that lives to have huge system to measure individual information so should deploy ritzy other security to defend grade. "Picture China the group company that lives to have huge system to measure individual information so should deploy ritzy other security to defend grade..
