Ahead of the busiest travel season of the year in China, personal data of more than 130,000 customers who purchased train tickets on China’s official online railway ticketing site has been leaked, causing an enormous panic among people, China Daily reported.
The leaked information includes usernames, passwords, emails and other important personal data used for buying tickets on the official Chinese Government ticket-selling website www.12306.cn. The main concern that the buyers are paralysed with, is the identity theft.
China Railways however said the data leak was not caused by its website and had originated from the use of third-party websites or plugins that may have been used to avoid the online queue. Dusting off the responsibility, the company said-
All the leaked information contains plain text, while the information on our website’s database is completely encrypted, which means that the data is leaked via other websites or channels.
Authorities said yesterday that they had arrested two suspects that may have driven the whole leak. It has also made few amendments to its system to prevent any such attacks in future. The company said that it has installed a function on its official website that allows legitimate ticket buyers to immediately report suspect fraudulent misuse of identities and carry on with their intended legitimate purchases.
With Chinese New Year coming up in February, an enormous number of Chinese will make their way back home for the annual celebration. Since, online booking is the fastest and the easiest way to grab one of the tickets, most of the migratories rely on the internet procedure. To beat the infinitely long queue, people blindly use the third-party websites and plugins to jump ahead of others and, as said by the company, might be the primary reason for the data leak.