According to a report from Tencent Tech on Saturday, a data package of 12G, containing over 10 million pieces of private information from JD.com users, has been sold in pieces on the black market, at prices ranging from RMB 100,000 (USD 14,462) to RMB 700,000 depending on the quantity of information.
The information includes user names, passwords, email addresses, Tencent account numbers, phone numbers, and national identity card numbers.
JD.com responded on Sunday that the leaked information comes from a web security attack in 2013, when almost all internet companies, as well as banks and government agencies in China, were affected. JD.com said that the security flaw has long been mended.
Why would data that leaked in 2013 suddenly surface three years later, at the end of 2016? Among other factors, this has to do with “information laundering”, a process that may take months or even longer, during which hackers drain what benefit they can from the stolen information.
With the data in hand, hackers log into the affected accounts for the first round of “laundering”; for example, the virtual money in a game account is transferred away before the account information is sold to others.
However, this is not the first time that JD.com users have had their private information put at risk, and hackers are not the only ones behind such leaks.
Another information leak at JD.com occurred in 2015, leading to a total loss of millions of RMB to several JD.com users. A year later, it was found that the criminals were three JD.com logistics employees who got their hands on over 9,000 pieces of user information in the course of their work.
JD.com is not alone in suffering from user information leakage. In 2014, AliPay suffered a leak of 20G of data, an act which was also committed by an employee. According to NetEase News, it was sold at RMB 500 for every 30,000 pieces of information, including users’ real names, phone numbers, email addresses, home addresses, and purchasing history.
The buyers of the information? The majority of them would be other e-commerce platforms, the report said.
If you think that the harm caused by those leaks is limited to a specific account, you’re wrong: hackers can use the information to get their hands on your other accounts as well, making it especially dangerous if you have set the same password for all your accounts.
You might want to reset your passwords now.