On June 21, some Weibo netizens revealed that the database information of the college student learning software Chaoxing Xuetong was suspected of being sold publicly, and the suspected leaked data included name, mobile phone number, gender, school, student number, email and other information of 100 million 72.73 million. The topic #学通# once topped the hot search on Weibo.
Interestingly, a full year ago (June 22), LinkedIn, a well-known workplace social software, was exposed to the largest data breach at the time, with over 700 million user data being sold on the dark web.
It is reported that Chaoxing Xuetong is an app with a very high penetration rate in universities. Its functions include online class punching, exam invigilation, etc. A large number of student users claimed on social media that they had recently been sent messages and calls from mobile phone numbers from other places, and some users even reported that they had received a fraudulent call from overseas a few days ago, and the other party could report their ID number and know. I have Alipay student certification.
“Judging from many data leakage incidents in the past, usually the cause of enterprise data leakage may be either external or internal, of course, it may be both.” Qi Anxin Data Security Expert, Deputy Director of Data Security Subsidiary General Manager Yao Lei analyzed that the attacker may use the target system vulnerability or the stolen privileged account to obtain the permissions of the corresponding database administrator, thereby completing the dragging behavior. Such incidents have occurred before, such as the LinkedIn data breach, which was confirmed to be caused by hackers exploiting a vulnerability in its API. Therefore, enterprises should strengthen data security protection, avoid the extensive use of weak passwords, and promptly deal with discovered security risks.
Internal reasons are also divided into two cases. The first possibility is that the improper operation of the operation and maintenance personnel leads to accidental data leakage; the second is that there is a sneaky trick. If the internal authority control is lacking or the behavior audit is flawed, internal employees (such as database administrators) can use their own System permissions, download the data in the database in batches, and then resell. From this point of view, enterprises should adopt technical means to strengthen the authority management and behavior audit of their own internal employees, and strictly control certain unauthorized or high-risk operations.
Kong Deliang, vice president of Qi Anxin Group and head of innovation BG, said that in recent years, the information leakage incidents exposed by the media have once again shown that the data of many enterprises and institutions are in a state of “streaking”, which is the current primary issue of data security. , It is imminent to make up for the shortcomings, and more than 85% of customers need to start from here.
In response to this situation, Qi Anxin released a “five-piece set” to ensure data security, namely privileged account management, bastion machine, database audit, API security guard and data security situational awareness, which can help government and enterprise organizations in the process of data security construction During the period of “Fixing Weaknesses and Preventing Streaking”, the unified management of the entire life cycle of privileged accounts, the security control and auditing of access, the auditing of data access behaviors, the protection of API interfaces and the establishment of multi-dimensional monitoring for situational awareness are carried out in an all-round way. Data security guarantee, helping enterprises to take into account business development and security compliance.
Leifeng.com
This article is reproduced from: https://www.leiphone.com/category/industrynews/buecXdC2tMQp7JoK.html
This site is for inclusion only, and the copyright belongs to the original author.