Leakage of Personal Data of Over 6 million Internet Users Puts Web Security in Question

The personal information of more than 6 million Internet users on CSDN, or China Software Developer Network, the country's largest programmers' website, was leaked by hackers, raising concerns about web security and triggering widespread panic.

The leak was first exposed by China's leading anti-virus software provider, Beijing-based Qihoo 360, on December 21. The company said the leak included user IDs, passwords and e-mail addresses in clear text.

The hacking case escalated on December 22 after the personal details of subscribers to more websites, including popular online gaming and social networking sites, were leaked.

Online media reports said the personal data of up to 50 million Internet users has been leaked so far, but the number could not be independently verified.

In response, the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) issued a statement on December 22, saying the CSDN's user data bank that leaked on the Internet was created before April 2009 and the passwords were stored in clear text, but the passwords had been encrypted after the data bank was upgraded in April 2009.

CNCERT/CC has ordered CSDN to take immediate action in repairing the system hazards and providing users with timely security solutions.

Computer security experts at Qihoo 360 believe the leak has spread to other websites.

"Many Internet users have registered the same passwords for their e-mail, microblog, online gaming and online payment accounts, so, if the server of one of the websites is hacked, their accounts and passwords on other websites would also be stolen," said Qihoo 360's Dr. Shi Xiaohong.

Police authorities in Beijing told Xinhua on December 23 that an investigation has been launched.

Source: Xinhua