Cyber-Police Detain Suspect Over Railway Data Breach
Beijing’s cyber-authorities have detained a man for allegedly buying, stealing, and selling over 600,000 people’s personal information, police announced Monday. The data had been taken from the country’s national railway ticketing website.
The suspect, a 25-year-old man surnamed Chen who works at a Beijing-based tech company, was detained on Saturday for exchanging civilians’ personal information, according to a Beijing police unit tasked with combating cybercrimes. The images contained usernames and passwords to 12306.cn, as well as people’s real names, phone numbers, home addresses, email addresses, and answers to security questions. Those affected by the leak were 12306 users as well as people who had been bought tickets by hacked users.
With the investigation still ongoing, the cyber-police unit hasn’t revealed how Chen made his initial purchases of login information. Sixth Tone’s calls to China Railway Group Limited, which operates 12306, went unanswered on Wednesday.
An online account — later revealed in the police statement as belonging to Chen — posted ads of stolen user information to attract prospective buyers, according to Sixth Tone’s sister publication, The Paper. The images contained usernames and passwords to 12306, as well as users’ real names, phone numbers, home addresses, email addresses, and answers to security questions.
The news attracted national attention on Friday after netizens shared the screenshots — with personal details redacted — on social media. In a post on microblogging platform Weibo, China Railway Group dismissed the concerns as “rumors,” maintaining that there had been no breach of its booking platform. In December 2014, the personal information of 130,000 passengers was confirmed to have been leaked from 12306.
Currently, China is investing in cutting-edge technology to prevent the illegal sale of personal information. This has not, however, stopped hackers from stealing users’ valuable data. Huazhu Group, the owner of several hotel chains in China, fell victim to a massive data breach involving some 130 million guests last year, with their information being sold in bundles for 8 bitcoins (over $55,000) each.
Editor: Bibek Bhandari.
(Header image: A smartphone displays train schedules on China Railway Group’s 12306 app in Beijing, Sept. 6, 2018. IC)