21st Century Business Herald, 12/27/11
On December 25, user names, passwords, e-mail addresses and other information for as many as 40 mln users of Chinese online community site Tianya.cn were leaked online.
Hainan-based Tianya has posted a letter of apology on its homepage in which it admits that data pertaining to a portion of its users has been leaked following a hacking attack. Tianya PR spokesperson Chu Meng said that the company has reported the incident to the provincial and municipal Public Security Bureau authorities in Haikou, and that police have launched an investigation.
Chu said that the 40 mln figure originates with the individual who placed a file containing the leaked information online for people to download, but the actual number of compromised accounts can now be confirmed to be much lower. The stolen data dates back to before 2009, a time when Tianya still stored user data in plain text. In 2010, Chu said, Tianya upgraded its management of user accounts to include the practice of encrypting data to ensure user accounts remain secure.
In addition to Tianya, torrent files can currently be found using a search engine with which user data for Chinese SNS Renren and the Chinese Software Developer Network (CSDN.net) can be freely downloaded using a P2P client application. Files currently being circulated with user data from the latter two sites have been compressed, but contain user names, passwords and e-mail addresses used during registration stored in the plain text TXT format. Leaked data for CSDN users is being circulated in the plain text SQL file format used in databases.
Wang Shanna, VP of Chinese online P2P video service provider, download accelerator software developer, and online game operator Xunlei, said recently that the company has taken steps to prevent users from being able to download the above files through its P2P network.
Editor's Note: For more information on this topic, please see "Rumor: Renren Suffers Data Breach," MD 12/23/11 and "Rumor: Online Community CSDN.net Suffers Data Breach," MD 12/22/11 issues.