Shulou(Shulou.com)12/24 Report--

CTOnews.com, December 10, according to CCTV news official WeChat, a job recruitment App SMS CAPTCHA interface encountered more than 13 million attacks. Police investigation found that two suspects took advantage of website vulnerabilities to make hacker software and carry out a "hit library" attack to obtain a large amount of personal information and company account data to be sold abroad.

CTOnews.com also learned from relevant reports on CCTV that some time ago, the Beijing police received a report from an Internet company in its jurisdiction that the SMS CAPTCHA interface of its job search and recruitment category App had suffered more than 1300 attacks and successfully matched more than 300,000 registered accounts. Beijing police quickly determined that this was a case in which hackers took advantage of website loopholes to illegally obtain account information and use it for illegal activities.

According to reports, the suspect Yu confessed that he registered an account on the recruitment platform on October 18, 2022 and made several attempts to verify the interface. He found that the signature algorithm of the website was relatively simple, so he took advantage of this weakness to write instructions and make hacker software to "hit the library" attack on the website.

If users use the same user name and password on different platforms, the hacker has a "master key": as long as the login is successful, the hacker can get personal information at will.

At the same time, he also used similar methods to infiltrate other major websites and looked for opportunities to inquire about website vulnerabilities, which he used as bait to sell malicious programs and hacker tools he had written to others for profit. Through the unremitting efforts of the police, the task force successfully arrested another suspect, Jiao, in Chengdu, Sichuan, and seized more than 3.3 million pieces of data from various companies and personnel at the scene.

Suspects Yu and Jiao have been criminally detained in accordance with the law for sabotaging the computer information system, and the case is under further processing.

The investigators of the Network Security Corps of the Beijing Municipal Public Security Bureau put forward the following suggestions for setting passwords for users:

Avoid being too simple and easy to guess.

Do not check the options such as "remember password" and "default login" when logging in to personal accounts for public devices. Choose anonymous login as far as possible.

When using third-party App or unknown applications that need to fill in important account passwords, be cautious and minimize the disclosure of detailed personal information.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.