Last week, hackers launched an attack (in Mandarin) on Damai Net, a Chinese website that lets users purchase show tickets online, and intercepted a large amount of personal information belonging to the site's registered users. Posing as the website's customer service staff, the hackers then used the stolen information to defraud users of nearly 1.5 million yuan ($220,000 USD). More than 10 users are reported to have fallen prey to the fraud, with an average financial loss of 100,000 yuan per victim.
It is reported that the attackers used the same hacking method that OurMine Team used to pull off the hacks on Mark Zuckerberg’s Facebook and Twitter accounts. Simply put, a large number of Internet users re-use passwords for different websites. The passwords may be several years old, but they can still be useful to hackers, who then use them to try to break into other accounts, hoping that they will stumble on users who do not take the age-old advice to not re-use passwords.
This is not the first time the Chinese website has been hacked. In 2015, Damai Net was reported to have been attacked using the same method at least four times.
In the case of Mark Zuckerberg, the hacker team claimed that the successful hack was all thanks to the LinkedIn password dump a couple of months ago. Millions of LinkedIn users' account details leaked online last month; the company responded by invalidating the credentials and contacting affected members to reset their passwords.
Beyond the LinkedIn theft, there were also recent leaks of 360 million email addresses and passwords belonging to users of MySpace.com. Since May, the website Leakedsource.com, which sells access to the stolen information, has added close to one billion records to its database, a LeakedSource representative said later.
According to a report (in Mandarin) released by the Internet Society of China, Chinese Internet users have suffered a total financial loss of 91.5 billion yuan due to spam, schemes, and personal data leaks on the Internet. Cybersecurity experts recommended that “everyone use a strong and unique password that isn’t used on other sites.”
As always, practice good password management, and use an excellent VPN.