上周售卖的的中国10亿公民信息真实性石锤了-----阿里巴巴高管因警方数据库泄露事件被上海当局约见


  • July 14 (Reuters) - Shares in Alibaba Group Holdings Ltd (9988.HK) fell 5.7% on Friday after the Wall Street Journal reported that the Chinese tech giant's cloud division has been summoned by Shanghai authorities in connection with a theft of police data.

    An anonymous hacker had earlier this month claimed to have obtained personal information of more than 1 billion Chinese residents from the Shanghai police.

    A dashboard for managing the database was left open on the internet for over a year without a password, which made it easy to access and retrieve its contents, the Wall Street Journal said, citing cybersecurity researchers.

    Based on scans of the police database, the researchers said the data was hosted on Alibaba's cloud platform, according to the report. (https://on.wsj.com/3o0qR0r)

    The Shanghai government and spokespersons for Alibaba as well as its cloud division did not immediately respond to Reuters requests for comment.

    Since the theft was discovered, Alibaba has temporarily disabled access to the breached database and launched an inspection, the report said.

    Government authorities are yet to confirm the breach occurred. Yet the incident made waves online in China and at one point became a trending topic on Weibo, the country's Twitter-esque social network.

    The alleged breach comes as Chinese regulators tighten policy concerning data privacy and strengthen their oversight over the country's technology giants.

    China had late last year passed the Personal Information Protection Law, a major framework that dictated the proper methods for storing and collecting data. It was rolled out alongside the Data Security Law that governed data collection.

    Alibaba's stock price opened on Friday 5.5% below its previous day closing price in Hong Kong. The company's U.S. listed shares had closed down 3.6% on Thursday.
    新闻转自路透社


    上周售卖的的中国10亿公民信息大家还在质疑真假的可能性,现在靴子落地,警方用行动证实了数据的真实性。今天阿里巴巴的股票也因此跌了5.7%

    不过数据泄漏的原因未必如大家所想,程序员误将密钥共享到了csdn的文章中。 根据LeakIX 和 SecurityDiscovery两个安全公司的研究发现,被盗数据库以及数据库管理面板都使用了过时版本,管理面板缺少密码保护功能。 并且数据库还缺少最新的安全证书,该证书已经过期3年。虽然过期的证书并不会导致数据泄漏,但是这表明数据库缺乏维护。 阿里和上海警方都没有对泄漏事件和原因予以回应。

    有购买数据库意愿的可以放心购买了,每套仅需20万美元😂