CN SINA 2012 Hacking (Q13438)
From Open Risk Manual
A data breach risk event
| Language | Label | Description | Also known as |
|---|---|---|---|
| English | CN SINA 2012 Hacking |
A data breach risk event |
Statements
7DCE9AD1-2138-4DAA-BEDE-9FAF49B81B59
January 2012
0 references
Chinese online security website Youxia.org today revealed a security loophole in Chinese internet company Sinas (Nasdaq: SINA) iAsk search engine that exposes user passwords. According to the site, iAsk is vulnerable to an SQL injection attack that allows access to the iAsk database, which includes information for over 70 mln users. As an example, Youxia.org demonstrated how it could find the username and password of popular magician Liu Qian, who confirmed on his personal microblog that the password was correct. While Sina has already closed the security breach, Youxia pointed out that following user data leaks at online communities CSDN.net and Tianya, Sina claimed passwords were encrypted in their database, but the exploit has proven that the majority of passwords are saved in plain te (English)
