12306 user data has been leaked, change your password quickly!

[[125173]]

Today, the vulnerability reporting platform Wuyun Vulnerability released a report saying that data including user accounts, plaintext passwords, ID cards and email addresses on the 12306 website were spreading wildly on the Internet. The report showed that the risk level was "high" and the vulnerability type was "massive leakage of user information."

Wuyun revealed in the report that the leaked data includes login accounts, passwords, credit card information, purchase records, phone numbers of common contacts and ID numbers. Wuyun also added that the data has been circulated and sold, but it is currently impossible to confirm whether it was leaked by the 12306 official website or a third-party ticket grabbing platform.

The vulnerability is currently marked as "high" and the status is "handled by a third-party vendor (CNCERT National Internet Emergency Center)". At the same time, Wuyun has notified the China Academy of Railway Sciences of the vulnerability and is waiting for its processing.

Although the current situation is still unclear, according to the information released by Wuyun, in order to ensure the security of their data, friends who use 12306 can consider changing their passwords immediately. At this time, the most tragic thing is just this: not only can you not get tickets, but you also have to face the rampant spread of your private information.

As of now, 12306 has not responded to this matter.

renew:

In response to the report released by Wuyun, 12306 issued an "Announcement on Reminding Passengers to Use the 12306 Official Website to Purchase Tickets" and said that the leaked information all contained users' plain text passwords and was leaked through other websites or channels. 12306 also emphasized that the public security authorities have intervened to investigate the matter.

The following is the full text of the 12306 statement:

In response to reports that "12306 website user information is spreading wildly on the Internet", our website has carefully verified that the leaked information all contains users' plain text passwords. All user passwords in our website database are non-plain text conversion codes that have been encrypted multiple times. The user information leaked online was leaked through other websites or channels. At present, the public security organs have intervened in the investigation.

Our website solemnly reminds all passengers that in order to protect the information security of our users, please purchase tickets through the official 12306 website. Do not use third-party ticket-grabbing software to purchase tickets, or entrust third-party websites to purchase tickets to prevent the leakage of your personal identity information.

At the same time, our website reminds passengers that some ticket-grabbing tools developed by third-party websites have bundled insurance sales functions, so please pay attention.