Slashdot Mirror

← Back to Stories (view on slashdot.org)

Duplicate Login Details Enabled Hack of More Than 20 Million Chinese Consumers (thestack.com)

Posted by timothy on from the small-fraction dept.

An anonymous reader writes: According to various Chinese sources including Techweb (Chinese language), police in Zhejiang held a conference on Monday announcing that 20.59 million users of the 'Chinese eBay', taobao.com, had their login details stolen by proxy, when hackers ran user/pass combos from a stolen database of 99 million other users and found that more than 20% were using the same login credentials across different ecommerce sites.

8 of 14 comments (clear)

  1. Less eBay, more Amazon by magarity · · Score: 2, Informative

    Taobao is more like Amazon or Newegg Marketplace where everything is "sold by , packed and shipped by Taobao". Any eBay type auctioning is rare.

    1. Re:Less eBay, more Amazon by Anonymous Coward · · Score: 4, Informative

      Really? "Packed and shipped by". Not sure who told you that but you definitely have never used them. AFAIK they don't pack or ship a thing. Yes, it's not like ebay because of "no auctions", but yes, it's much more like ebay than Amazon. The provide ratings, seller histories, minor guarantees, a basic escrow system, etc. Much more eBay than NewEgg.

      I think all the people I know who do business on there, and everyone I've purchased from, would be a little shocked that taobao was doing it for them. You might be thinking more of jd.com, but even they have 3rd party sellers (their tech gear is nearly all them, though).

  2. Ignorance is bliss by sunderland56 · · Score: 2

    So, in a nutshell: the average Chinese consumer is just as ignorant about good security practices as the average American. Hardly surprising.

    1. Re:Ignorance is bliss by Fetko · · Score: 1

      Well, the complete details on using the same login credentials on multiple sites isn't covered in TFA, but I would imagine that percentage to be much higher for average Americans.

  3. duplicating login/pass by Frederic54 · · Score: 1

    I must say I do it, mostly on forums, but important things (email, banking, ebay, paypal, etc) have their own logins and passwords

    --
    "Science will win because it works." - Stephen Hawking
    1. Re:duplicating login/pass by nanoflower · · Score: 1

      I suspect most people do. You kind of have to if you are going to be active on a lot of sites because you eventually hit a point where coming up with a unique password that you can remember is next to impossible. Much like yourself I protect the important sites with unique passwords but sites that I don't care about may get the same password. The problem is that too many people don't even protect the important sites that well and end up using a common password or a username/username combo as UN/PW or the same PW on their banking site and Facebook so if one is compromised the other is easily accessed should the thief wish to do so.

  4. Duh by JustAnotherOldGuy · · Score: 2

    "...and found that more than 20% were using the same login credentials across different ecommerce sites."

    And this is why you shouldn't do that.

    Basic, basic Password Security 101. Ignore at your own risk.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  5. Re:Of course it happened by PPH · · Score: 1

    I guess what upset them most is that the most common password was 'Tiananmen'. Most common Chinese luggage combo is 888.

    --
    Have gnu, will travel.