Xuetong exposed a large-scale incident of being dragged from the library. 170 million pieces of information were sold publicly, affecting a large number of colleges and universities across the country. The official response said that no evidence was found.

It was reported on June 21 that a screenshot suddenly appeared on the Internet recently, and it was quickly and widely spread on major platforms. The screenshot shows: “Selling Learning Pass Data”, “A total of 172.73 million pieces”, “10.76 million including passwords” , “12,000 RMB”.


According to the M78 security team’s public account yesterday, the database information of the college student learning software Chaoxing Xuetong is being publicly sold by hackers through illegal channels. The specific situation is temporarily unknown. The peddled data included 172.73 million pieces of information such as name, mobile phone number, gender, school, student ID, and email address. Subsequently, #学通databasesuspected information leak# rushed to the hot search on Weibo.

At present, the official account has deleted the article and released a message saying that the relevant information about the suspected information leakage of the Xuetong database of a certain star was first disclosed by the relevant security researchers of our company. Since the incident is under investigation, in order to avoid causing public opinion Excessive attention, the article was deleted yesterday afternoon. Relevant questions have not been responded to for the time being, and relevant departments have been involved in the investigation.


It is understood that a large number of Chaoxing Xuetong users on Weibo said that recently, some mobile phone numbers from other places have sent messages and calls to themselves, and some users even reported that they received overseas fraudulent calls a few days ago, and the other party can report their own ID number, know that you have Alipay student certification.


Some netizens said on social media: Damn! This is a very popular app on college campuses! You can go to class and take exams. Students not only have to turn on the microphone to play video, but also record the screen and record the sound. They also have to show their ID cards for the exam… Then you have to bang nearly 200 million pieces of information leaked?


Afterwards, many netizens posted that they suspected that major colleges and universities had issued relevant notices about the leakage of the Xuetong database. The notification shows:

After receiving an important notice from the education network, Chaoxing Learningtong has confirmed that it has been towed to the database. It is confirmed that the leaked data includes 1,772.73 million pieces of information such as institution name, school, student number, mobile phone number, gender, password, and email address. Involving a large number of colleges and universities across the country, the emergency safety response is A-level. If your other system password is the same as the Chaoxing Learning Pass password, please change it to a new password as soon as possible to prevent credential stuffing from causing more harm to yourself, and beware of fraud.



On the afternoon of the 21st, the official account of Xuetong released the “Statement on the Rumor of “Suspected Xuetong User Data Leakage” on June 21: Our company received feedback on “suspected Xuetong APP user data leakage” last night, and immediately organized technical Investigation, the investigation work has been carried out for more than ten hours, and no clear evidence of user information leakage has been found so far. In view of the seriousness of the matter, we have reported the case to the public security organs, and the public security organs have been involved in the investigation.

Xuetong does not store the user’s plaintext password, and adopts one-way encrypted storage. In theory, the user’s password will not be leaked. Under this technical means, even the company’s internal employees (including programmers) cannot obtain the password in plaintext. The company confirmed that online rumors that the password had been leaked were untrue. User information security is a major issue. Our company attaches great importance to it and will assist the public security organs to continue in-depth investigations to fully protect user information and data security.

It is worth mentioning that in 2020, users have complained that Xuetong requires various permissions to be opened, and even privately intercepts the user’s screen, questioning its serious violation of personal privacy, and worrying about whether it is a large amount of user information theft.


The Qichacha APP shows that Beijing Century Chaoxing Information Technology Development Co., Ltd., an affiliate of Chaoxing Learningtong, was established in January 2000 with a registered capital of 30 million and its legal representative, Fu Guoming. Operational risk information shows that the company has been supervised by the Information and Communications Administration for rectification on many occasions due to illegal collection and use of personal information.

What is a tow library?

It is understood that the drag library was originally a term in the database field, referring to exporting data from the database. Originally such a simple thing, after many attacks by illegal hackers, it was used to refer to the behavior of illegal hackers invading valuable network sites and stealing all the data databases of registered users.

The usual steps for dragging a library are:

First, the hacker scans the target website to find its loopholes. Common loopholes include SQL injection and file upload loopholes.

Second, through this vulnerability, a “backdoor (webshell)” is established on the website server, and the permissions of the server operating system are obtained through the backdoor.

Third, use the system authority to directly download the backup database, or find the database link, and export it to the local.

In addition to dragging the library, there are also terms such as credential stuffing, library washing, and social engineering library.

Among them, credential stuffing refers to using a large number of account passwords of one website to go to another website to try to log in. Database washing is that after hacking a website and obtaining a large amount of user data, the valuable user data is realized through a series of technical means and the black industry chain. And social engineering library: Hackers associate various databases they have acquired to conduct a comprehensive portrait of users.

It is worth noting that these “libraries” can also form a black industry chain:

After hackers invade website A, they drag the website to the database, and the obtained data can be stored in their own social engineering database, or they can be directly washed and realized. After getting this part of the data, go to website B to try to log in, and this can be called credential stuffing. The data after the database bumping can continue to be stored in the social engineering database, or the database can be washed and realized, and this cycle…

According to Leifeng.com, the harm of towing warehouses is usually beyond our imagination.

According to the data, some netizens are accustomed to setting the same password for accounts such as mailboxes, Weibo, games, online payment, shopping, etc. Once the database is leaked, all user information will be released to the public, and anyone can use the password to go to various websites. Attempting to log in is fatal to some sensitive financial industries, and may cause loss or leakage of property and personal privacy to ordinary users.

As early as 2011, a number of Internet sites were hacked to disclose user databases, and more than 50 million user accounts and passwords were circulated online.

On December 21, 2011, the database of a professional website began to be madly forwarded online, including the leakage of more than 6 million registered email addresses and passwords in plain text. A large number of affected users changed their passwords overnight. Since then, the user databases of 5 websites including 178 Game.com have been released one after another, and the media has revealed that dozens of large websites such as Kingsoft Internet Security have been “dragged” by hackers, thus pushing the password crisis to a peak at the end of 2011.

On October 17, 2015, a Weibo user posted that the NetEase mailbox was brute-forced. NetEase responded on the official Weibo account, saying that this was caused by “creepy stuffing”, that is, hackers collected leaked information from the Internet. User and password information, try to log in to other sites in bulk. On the afternoon of the 19th, “Passerby Jia”, a user of the dark cloud platform who discovered the website security vulnerability, released the “NetEase 163/126 Mailbox Over 100 Million Data Leakage”. The report stated that the leaked information included username, password, password-protected information, login IP and user birthday and other original information, the total number of influences is nearly 500 million. The official Weibo of NetEase Free Mailbox issued another response on the 19th, saying that NetEase Mailbox does not have its own data leakage problem.

But then, the National Internet Emergency Center confirmed that NetEase mailbox data was leaked. The leaked data included an email account, the MD5 of the mailbox password, the MD5 of the security question and the MD5 of the security answer.

This article is reprinted from: https://www.leiphone.com/category/industrynews/8yHwYPIkn8r1e8I9.html
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment

Your email address will not be published.