Meituan user information is being resold: each record costs less than 10 fen, with high accuracy (source: original).

Too many harassing phone calls are making people uncomfortable. Citizen Xu Xin reported that because he had ordered a takeaway on Meituan, his hotel address, room number, telephone number and other private information were leaked. And Xu Xin's information is only one of thousands of takeaway records obtained by Heavy Case Group No. 37.

Every time a customer orders a takeaway, he uploads his information once. But is this private information secure enough? Recently, the Heavy Case Group No. 37 reporter found sellers offering takeaway customers' information in a number of telemarketing groups. The price of each record is less than 10 fen, and it includes name, telephone number and order address. There are also network operation companies that use software to collect customers' order information and then sell it to telemarketing companies, and even a number of takeaway riders have been selling customer information.

Some experts say that information leaks continue to occur, the corresponding technical security standards and requirements have still not been introduced, and citizens' personal information is still in a dangerous period.

(Image caption: On April 20, Qin Hua sent more than 2,600 user records from the takeaway platform. File screenshot.)

Tens of thousands of records sell for 800 yuan

"Today's data has been updated, on sale long-term." At 4 p.m. on April 14, Chen Jinghong pushed this message on QQ. The system shows that the QQ account has more than 200 friends. Chen Jinghong said that most of them had bought customer data from him. Chen Jinghong's "data" is citizens' private information, including telephone number and address.

The Heavy Case Group No. 37 reporter came into contact with Chen Jinghong in a telemarketing group. When the reporter asked whether anyone had takeaway customer data, a friend request from Chen Jinghong was received immediately.
In the chat, Chen Jinghong revealed that he had customer data from Meituan and other takeaway platforms for Beijing, Shanghai, Guangzhou and other first-tier cities. The price was 800 yuan per 10,000 records, with sales starting at 5,000 records, an average of less than 10 fen each.

When the Heavy Case Group No. 37 reporter asked to buy data, Chen Jinghong sent the QR code of a WeChat group, which contained only the reporter and him. After receiving two red packets of 200 yuan each, Chen Jinghong left the group with a message: "15 minutes to sort out the data for you."

In less than 15 minutes, Chen Jinghong sent an Excel spreadsheet through QQ, which contained 5,000 records. As in the screenshots, the spreadsheet includes name, phone number, gender and address, but no order date. The data covers 16 districts in Beijing, including Chaoyang and Miyun.

The Heavy Case Group No. 37 reporter randomly selected 100 phone numbers from the spreadsheet to verify. Of these, 61 were valid numbers, and 33 owners confirmed that the information in the spreadsheet was accurate and that they had ordered meals on Meituan in the past one or two months.

"Yes, that's the address," said Ms. Yang, who lives in an apartment in the CBD, after hearing the address read out by the reporter. She had ordered a meal from a barbecue restaurant on Meituan the night before.

The Heavy Case Group No. 37 reporter made rough statistics: in the list of 5,000 people, some addresses were public places such as hotels and shopping malls.

The reporter then contacted Chen Jinghong again to ask why there were invalid numbers. Chen Jinghong said, "Some of the data may have been changed." Each time he was asked about the source of the data, he deliberately avoided the question. After being asked repeatedly, Chen Jinghong finally said that the data is extracted from the system by Meituan internal staff, with about 40,000 records updated daily.
Chen Jinghong disclosed that the data is updated every day at noon and is always sold out by the evening.

In fact, Chen Jinghong is not the only one selling Meituan takeaway customer data. The Heavy Case Group No. 37 reporter found in a number of telemarketing groups that at least three sellers said they had takeaway customer data. A seller with the QQ nickname "Rainbow" said he had nationwide data at a price of 600 yuan per 10,000 records. Besides the user's name, telephone number and address, it also includes order information.

The Heavy Case Group No. 37 reporter found that some sellers also claimed to have customer information from Ele.me and Baidu Takeaway, at prices ranging from 700 yuan to 2,000 yuan per 10,000 records.

(Image caption: Chen Jinghong sent 5,000 user records to the reporter.)

Software automatically scrapes customer information

In addition to sellers offering information directly, a more covert channel for obtaining takeaway customer information has emerged. The Heavy Case Group No. 37 investigation found that some agencies that operate takeaway stores on behalf of merchants were also selling information.

"I keep receiving sales calls and advertising messages. I feel that my information has been thoroughly leaked, and I have no way to change my phone number." Citizen Xu Xin told the Heavy Case Group No. 37 reporter that his hotel address, room number, telephone number and other private information had become an open secret because of one takeaway order on Meituan. This is just one of the thousands of takeaway records that the reporter obtained.

Qin Hua, a staff member of a network operation company, is responsible for helping merchants open (operate) Meituan stores. He also said that he could find ways to get Meituan customer information for Chengdu.

Why only Chengdu? Qin Hua said that they did not operate Meituan stores in other cities, and that the data was scraped with software from the stores they operate themselves.
"Name, sex, phone number, address, the number of meals ordered. But I need to check to know exactly how many records there are," Qin Hua said. The price he gave was several times higher than the previous seller's: 5 cents per item. Qin Hua later explained that the accuracy could be guaranteed, and that the data was from the last two days.

On April 20, Qin Hua sent a screenshot showing a total of 2,605 records, followed by another screenshot showing 2,609. "Four more customers have just ordered; the number will rise at any time," Qin Hua said. "The odd remainder is thrown in for free. Transfer 1,300 yuan to me."

About half an hour later, the Heavy Case Group No. 37 reporter saw the list of 2,609 records, which is more extensive. Keyword screening showed that there were 83 hotel addresses, 47 Internet cafes, 29 hospitals and 1 club.

The reporter randomly selected 54 of the hotel numbers to dial. Apart from 30 that were switched off or unanswered and 3 whose information did not match, 21 owners confirmed that they had recently ordered a meal on Meituan.

When confirming Mr. Wang's information, the reporter intentionally gave an incomplete address, which was immediately corrected and completed by Mr. Wang. The address Mr. Wang gave was the address in the list.

In this list, there are 16 addresses from Internet cafes. Many addresses are even accurate to a specific location within an Internet cafe. The Heavy Case Group No. 37 reporter verified that, apart from 4 owners whose phones could not be reached, the other 12 owners said they had indeed used the address to order meals.

"People who do store operation generally buy this information. The conversion rate is very high." Qin Hua said that he obtained the information by running his software in the back end of some Meituan merchants and scraping it from there.
"If it is merchant information you want, that is even better. Anywhere in the country, I can get you all the information for a city in one night, including the name of the owner, the name of the store, the address and the phone number," Qin Hua said.

When the Heavy Case Group No. 37 reporter asked whether this would be monitored by the platform's systems, Qin Hua said it would not: "You do not have to let the merchant know about this. As long as there is a computer, it can be operated from home."

Qin Hua then sent a monitoring screenshot from the software. The list in the screenshot shows the user's name, phone number, date of registration, latest purchase, stored-value balance and so on. "2,800 yuan for one year of use," Qin Hua said, but he refused to disclose the name of the software.

(Image caption: On April 20, Chen Jinghong said user information was extracted from the system by Meituan internal staff.)

Takeaway riders selling orders

During the Heavy Case Group No. 37 investigation, a data seller sent several screenshots from delivery personnel in Wuhan and Beijing and asked whether they were needed.

In a subsequent investigation, the Heavy Case Group No. 37 reporter found that some of those at the end of the chain who handle user information directly, including some Meituan riders, are also profiting from it.

On April 18, the Heavy Case Group No. 37 reporter reached Meituan takeaway rider Li De by phone and asked whether he could sell customers' order information. He said yes, but the price was slightly higher: one yuan each.

"The information is guaranteed to be from the same day, and everything on the order can be given to you, including which shop the meal was ordered from," Li De said.

The next day, Li De asked the reporter whether he needed order information and sent 34 takeaway order slips.

One of the orders showed that Ms. Zhang, who lives in phase 3 of a residential compound in Chaoyang District, had ordered four items, including salmon rolls, from a salad shop on Meituan. Ms. Zhang confirmed that she had placed the order.

The Heavy Case Group No. 37 reporter verified the information on 20 orders. Apart from 3 owners who were unable to confirm, the other owners said that the order information was true.

A review by Heavy Case Group No. 37 found that many takeaway platform users have experienced information leaks, some of which led to disputes.

According to media reports, in December last year Mr. Chai ordered a takeaway totaling 31.8 yuan through the Ele.me ordering platform. About 10 minutes later, someone claiming to be the merchant contacted Mr. Chai and said that the black pepper pork chop he had ordered was sold out, and that he needed to pay a difference of two yuan to change dishes.

"The information was very accurate. My order details and what food the merchant sells were exactly right," Mr. Chai said. The caller then asked Mr. Chai to read out a number from Alipay in order to settle the two-yuan difference. After reading out the number, Mr. Chai found that the other side had already transferred away nearly 2,000 yuan.

The merchant said that Mr. Chai's meal had not been sold out, and that no staff member in the store had called him. Mr. Chai suspected that his order information had been leaked.

In addition, in March this year, Mr. Li from Harbin, who had ordered a takeaway, received frequent calls from strangers looking for a "Miss". Overwhelmed by the trouble, Mr. Li finally found that his phone number had been leaked by a takeaway rider, who had labelled it as a "door-to-door Miss".

A web user posting under the name "time to stroll the brigade" also said that after ordering a Meituan takeaway for a boyfriend, the user was added on WeChat by a stranger. The stranger knew the user's name and address, but the user did not know him.
After repeated questioning, the other side admitted that the information had been passed on by a friend who delivered the takeaway, and that the purpose was to help him stop being single.

The Heavy Case Group No. 37 reporter called Meituan's customer service about the leaked information. A customer service officer said that information is managed very strictly inside Meituan and that users' private information would not be disclosed. However, user order information passes through many links. Merchants and riders both hold user information, and that does not include interfering factors such as meals delivered to the wrong person and lost order slips.

In addition, the Heavy Case Group No. 37 reporter noticed that the Internet "leak-gate" incident at the end of 2011 also spread to Meituan.

At that time, Meituan sent a short message to users: "The data of users of a number of websites has been leaked recently. After verification, your account information has been leaked. Please change your password as soon as possible in case the account is stolen."

In an interview with the media, the head of Meituan said that because user information leaks at CSDN, NetEase mailbox and other sites affected a large number of users, some Meituan accounts registered with the associated accounts faced security threats.

In addition, the Cybersecurity Law is also clear that network operators should take technical measures and other necessary measures to ensure the security of the personal information they collect and to prevent information from being leaked, damaged or lost. Where personal information is leaked, damaged or lost, remedial measures should be taken immediately, users should be informed in time, and the incident should be reported to the competent authorities in accordance with the regulations.
Zhao Wu, a network security expert and founder of Baimaohui, said that information leaks keep occurring, but the corresponding technical security standards and requirements have still not been published, and citizens' personal information is still in a dangerous period.

On the suspected disclosure of customer privacy by takeaway platforms, Zhao Wu's analysis is that the platform may have vulnerabilities, such as an API (Application Programming Interface) without authentication, which lets intruders crawl user information by order sequence number. There have been many similar cases in the past, such as the massive leaks of resumes from recruitment websites.

The second possibility is that the information is disclosed through third parties that cooperate with merchants. For example, some merchants run points, rebate, coupon and similar campaigns, which are generally handled by third-party companies.

"They collect users' information during these campaigns, and their data protection is not as tight as the platform's, so they are easy to break into. The earlier 12306 website information leak was such a case," Zhao Wu said.

Zhao Wu explained that China's Cybersecurity Law formally took effect in June last year and the general guiding requirements are clear, but the corresponding specific technical security standards have not yet been introduced, especially for the supervision of information held by commercial companies.

On how to prevent information leaks, Zhao Wu said that, on the one hand, the state should introduce specific detailed rules for network security protection as soon as possible. Strict legislation should require enterprises to be responsible for security incidents; in particular, the disclosure of privacy-related data must carry a penalty and compensation mechanism, and enterprises must not be allowed to add exemption clauses such as "no responsibility is borne for data leaks caused by hacker attacks".
At the same time, the use of data by enterprises must be strictly controlled, and violations must be punished.

On the other hand, commercial companies should update their means of information protection in time and establish a defense-in-depth mechanism. In data analysis and use, customers' sensitive information can be hidden and replaced by a virtual ID, and the private information is then protected by a second layer of encryption.

In addition, Zhao Wu said that commercial companies should also improve their information management mechanisms and establish detailed technical standards, such as which encryption algorithm is used and which people may access user data.

(Xu Xin, Chen Jinghong, Qin Hua and Li De are aliases.)

The source of this article: Heavy Case Group No. 37. Editor in chief: Guo Ping
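As an added illustration of the first possibility Zhao Wu describes (an order API without authentication, keyed by order sequence number), the sketch below sets the flawed lookup beside a hardened one. It is not code from the article or from any platform; the order records, session tokens and function names are constructed for the example.

```python
import secrets

# Constructed sample data: order sequence number -> order record.
ORDERS = {
    1001: {"owner": "alice", "name": "A. Example", "phone": "13800000001",
           "address": "Room 101, Example Hotel"},
    1002: {"owner": "bob", "name": "B. Example", "phone": "13800000002",
           "address": "Seat 12, Example Internet Cafe"},
}
# Hypothetical session store: session token -> authenticated user id.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}

# Public order references are random and unguessable, so another
# customer's order cannot be reached by incrementing a number.
PUBLIC_REF = {secrets.token_urlsafe(16): seq for seq in ORDERS}


def get_order_flawed(seq):
    """The flaw described above: no authentication, sequential key."""
    return ORDERS.get(seq)


def mask_phone(phone):
    """Show only the first three and last four digits."""
    return phone[:3] + "****" + phone[-4:]


def get_order_hardened(session_token, ref):
    """Return (status, body); checks who is asking and whose order it is."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401, None  # caller is not authenticated
    order = ORDERS.get(PUBLIC_REF.get(ref))
    # Same answer for "no such order" and "not your order", so the
    # response does not confirm which references exist.
    if order is None or order["owner"] != user:
        return 404, None
    return 200, {"name": order["name"],
                 "phone": mask_phone(order["phone"]),
                 "address": order["address"]}


def ref_for(seq):
    """Demo helper: the public reference issued for an order."""
    return next(r for r, s in PUBLIC_REF.items() if s == seq)


if __name__ == "__main__":
    print(get_order_flawed(1002))  # any caller reads any record
    print(get_order_hardened("tok-alice", ref_for(1002)))
    print(get_order_hardened("tok-alice", ref_for(1001)))
```
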