Slashdot Mirror


Duplicate Login Details Enabled Hack of More Than 20 Million Chinese Consumers (thestack.com)

An anonymous reader writes: According to various Chinese sources including Techweb (Chinese language), police in Zhejiang held a conference on Monday announcing that 20.59 million users of the 'Chinese eBay', taobao.com, had their login details stolen by proxy, when hackers ran user/pass combos from a stolen database of 99 million other users and found that more than 20% were using the same login credentials across different ecommerce sites.
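The replay described in the summary leaves a recognisable shape in the target site's own login log: one source touching many accounts once each, with an unusually high share of successes. The following is an added example, not taken from the article; the event format, thresholds, addresses and usernames are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, outcome). Not real data.
SAMPLE_EVENTS = (
    # One source walking a list: 50 accounts, one try each, every fifth succeeds.
    [("203.0.113.7", f"user{i}", "ok" if i % 5 == 0 else "fail") for i in range(50)]
    # An ordinary user mistyping a password twice.
    + [("198.51.100.4", "alice", "fail")] * 2 + [("198.51.100.4", "alice", "ok")]
    # A shared household address with two normal logins.
    + [("192.0.2.9", "bob", "ok"), ("192.0.2.9", "carol", "ok")]
)

def stuffing_suspects(events, min_accounts=20, max_tries_per_account=2.0):
    """Flag sources that try many distinct accounts with about one attempt each.

    Password guessing hammers a few accounts; replay of a leaked list touches
    each account once and still gets a noticeable share of successes.
    Thresholds are illustrative and need tuning per site.
    """
    tried = defaultdict(set)
    succeeded = defaultdict(set)
    attempts = defaultdict(int)
    for ip, user, outcome in events:
        tried[ip].add(user)
        attempts[ip] += 1
        if outcome == "ok":
            succeeded[ip].add(user)

    report = {}
    for ip, users in tried.items():
        if len(users) < min_accounts:
            continue
        if attempts[ip] / len(users) > max_tries_per_account:
            continue
        report[ip] = {
            "accounts_tried": len(users),
            "success_rate": len(succeeded[ip]) / len(users),
            # These logins used a valid password from that source: force a reset.
            "accounts_to_reset": sorted(succeeded[ip]),
        }
    return report

if __name__ == "__main__":
    for ip, row in stuffing_suspects(SAMPLE_EVENTS).items():
        print(ip, row["accounts_tried"], f"{row['success_rate']:.0%}")
```
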

14 comments

  1. Less eBay, more Amazon by magarity · · Score: 2, Informative

    Taobao is more like Amazon or Newegg Marketplace where everything is "sold by , packed and shipped by Taobao". Any eBay type auctioning is rare.

    1. Re:Less eBay, more Amazon by Anonymous Coward · · Score: 4, Informative

      Really? "Packed and shipped by". Not sure who told you that but you definitely have never used them. AFAIK they don't pack or ship a thing. Yes, it's not like ebay because of "no auctions", but yes, it's much more like ebay than Amazon. They provide ratings, seller histories, minor guarantees, a basic escrow system, etc. Much more eBay than NewEgg.

      I think all the people I know who do business on there, and everyone I've purchased from, would be a little shocked that taobao was doing it for them. You might be thinking more of jd.com, but even they have 3rd party sellers (their tech gear is nearly all them, though).

    2. Re:Less eBay, more Amazon by Anonymous Coward · · Score: 0

      You're thinking of tmall, their 'legit' brand. Taobao is more like craigslist. Literally anything goes.

  2. Chinese get hacked...lol by Anonymous Coward · · Score: 0

    I call that sweet, sweet justice. If their government wants to turn a blind eye to what their people do to the rest of the world, I'm not going to start giving a shit when they prey on their own.

  3. Ignorance is bliss by sunderland56 · · Score: 2

    So, in a nutshell: the average Chinese consumer is just as ignorant about good security practices as the average American. Hardly surprising.

    1. Re:Ignorance is bliss by Fetko · · Score: 1

      Well, the complete details on using the same login credentials on multiple sites aren't covered in TFA, but I would imagine that percentage to be much higher for average Americans.

  4. Of course it happened by Anonymous Coward · · Score: 0

    Who would have guessed that duplicate logins would be an issue when you have a billion people named chin or chong.

    1. Re:Of course it happened by PPH · · Score: 1

      I guess what upset them most is that the most common password was 'Tiananmen'. Most common Chinese luggage combo is 888.

      --
      Have gnu, will travel.
  5. duplicating login/pass by Frederic54 · · Score: 1

    I must say I do it, mostly on forums, but important things (email, banking, ebay, paypal, etc) have their own logins and passwords

    --
    "Science will win because it works." - Stephen Hawking
    1. Re:duplicating login/pass by nanoflower · · Score: 1

      I suspect most people do. You kind of have to if you are going to be active on a lot of sites because you eventually hit a point where coming up with a unique password that you can remember is next to impossible. Much like yourself I protect the important sites with unique passwords but sites that I don't care about may get the same password. The problem is that too many people don't even protect the important sites that well and end up using a common password or a username/username combo as UN/PW or the same PW on their banking site and Facebook so if one is compromised the other is easily accessed should the thief wish to do so.

    2. Re:duplicating login/pass by Anonymous Coward · · Score: 0

      I suspect most people do. You kind of have to if you are going to be active on a lot of sites because you eventually hit a point where coming up with a unique password that you can remember is next to impossible.

      No, it is trivial. Have a common root, and attach the site's name to it. That is your password, unique for each site. Yes, it is trivial for a human to break, if he reads one of those. But it will still thwart automated attacks like this one - and so may be good enough for "forums".
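The trade-off in the comment above, as an added example that is not part of the thread: `root_plus_site` is the commenter's scheme, while `derived` is an assumed alternative that keeps the "one secret, unique per site" property without a readable pattern. The function names, salt, iteration count, sample secret and sample sites are all hypothetical.

```python
import base64
import hashlib
import hmac

def root_plus_site(root: str, site: str) -> str:
    """The scheme from the comment: a common root with the site's name attached."""
    return root + site

def derived(master: str, site: str, length: int = 20) -> str:
    """Assumed alternative: stretch the master secret, then HMAC the site name."""
    # Salt and iteration count are illustrative choices for this example.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), b"per-site-v1", 200_000)
    tag = hmac.new(key, site.lower().encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode()[:length]

def same_after_removing_site(pw_a: str, site_a: str, pw_b: str, site_b: str) -> bool:
    """True if both passwords are identical once each site's name is stripped,
    i.e. a person who reads one of them could write down the other."""
    return pw_a.replace(site_a, "") == pw_b.replace(site_b, "")

def audit(scheme, secret: str, sites=("forum.example", "shop.example")) -> dict:
    """Compare the passwords one scheme produces for two sites."""
    a, b = (scheme(secret, s) for s in sites)
    return {
        # An automated replay of a leaked user/pass pair needs an exact match.
        "exact_reuse": a == b,
        # A human reader only needs the pattern to be visible.
        "pattern_visible": same_after_removing_site(a, sites[0], b, sites[1]),
    }

if __name__ == "__main__":
    secret = "constructed-sample-root"  # constructed value, not a real password
    print("same password everywhere:", audit(lambda s, _site: s, secret))
    print("root + site name:        ", audit(root_plus_site, secret))
    print("HMAC-derived:            ", audit(derived, secret))
```
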

  6. "...and found that more than 20% were using the same login credentials across different ecommerce sites."

    And this is why you shouldn't do that.

    Basic, basic Password Security 101. Ignore at your own risk.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  7. A humble plug by Anonymous Coward · · Score: 0

    If you're a techie, electronic password wallets are a good way to avoid falling into this trap; but for non-techies or those who want something that just works, no batteries/cloud required; please check out these products... I designed them to be simple enough for anyone to use no matter how technophobic they may be.

    http://bit.ly/1OIzItV+ (Tindie.com)

    1. Re:A humble plug by Anonymous Coward · · Score: 0

      No way. The only reason to use http://bit.ly/ or its ilk on slashdot is to hide goat.cx, no thank you.