SQL Injection Attack Exposes Sina Passwords
Sohu IT, 1/05/12
Chinese online security website Youxia.org today revealed a security loophole in Chinese internet company Sina's (Nasdaq: SINA) iAsk search engine that exposes user passwords.
According to the site, iAsk is vulnerable to an SQL injection attack that allows access to the iAsk database, which includes information for over 70 mln users.
As an example, Youxia.org demonstrated how it could find the username and password of popular magician Liu Qian, who confirmed on his personal microblog that the password was correct.
While Sina has already closed the security hole, Youxia pointed out that, following user data leaks at online communities CSDN.net and Tianya, Sina claimed that passwords in its database were encrypted. The exploit, however, has proven that the majority of passwords are saved in plain text.
In response to rumors on December 26 that the data of 4.76 mln Sina Weibo microblog users had been leaked, Sina said that account information was encrypted and secure.
Editor's Note: For more information on this topic, please see "Rumor: Dangdang, Alipay Suffer Data Breaches," MD 12/29/11 and "Tianya Suffers Data Breach," MD 12/27/11 issues.