【新唐人2011年12月31日訊】大陸網站客戶信息,近期一再傳出遭到洩露,民眾的個人資料在網上一覽無遺。29號又有爆料,廣東省公安廳「出入境政務服務網」的網上申請數據被洩漏,超過400萬名大陸民眾的個人資料外洩。專家指出,長期以來,大陸的商業網站,甚至政府網站粗製濫造,不注重網路基本建設及安全,才造成用戶隱私遭到侵犯,甚至造成用戶經濟利益的損失。
大陸媒體報導,廣東省公安廳屬下的「出入境政務服務網」,因為網上申請的權限功能錯誤開放,導致普通用戶可以繞過登錄環節,直接訪問後臺查看數據。網民除了可以在不用登入的情況下查看個人資料,還能看到其他申請人的資料。這些大量外洩的資料包括申請者的姓名、護照號碼、港澳通行證號碼、出生年月、聯絡地址及電話等。
媒體形容這是一場「網上隱私洩密大災難」,有440萬人「受害」。
前雅虎中國總經理謝文:「當然首先受害的是廣大的用戶,尤其是電子商務,網絡支付這樣的,那肯定直接侵犯用戶的經濟利益。那些其他的非商務的,至少是隱私,或者是會不會出現冒名頂替?會不會詐騙?各種可能性都是有的。」
上個月,已經有網民發現這個網站存在漏洞,並且向當局舉報,但當局一直沒有理會。大陸網民批評,政府意圖隱瞞真相。網民要求當局嚴查,還公眾一個交代。
另外,香港《東方日報》30號在報導中說,廣東省政府除了公安廳外,多個網站最近也遭投訴,出現安全漏洞。有市民表示,只需要身份證號碼,就可以在「社保基金網站」看到投保人的個人資料﹔廣州市地稅局的網絡查詢系統今年9月也出現類似漏洞,網民只用身份證號碼,就可以輕易查到對方個人收入、工作單位、所得稅記錄等資料。
大陸多個知名網站近期遭黑客入侵,包括百度、網易、以及不少港人慣用的網購付款服務「支付寶」,甚至多個網購和視頻網站以及多所大學的網站等。受害網民估計超過一億人,被稱為大陸互聯網史上最大規模用戶訊息洩露事件。
對於近乎門戶大開的網站,前雅虎中國總經理謝文向《新唐人》表示,長期以來多數網站不負責任,不注重用戶的個人信息安全,對網站的基本建設粗製濫造。
前雅虎中國總經理謝文:「就是過去包括現在,無論是商業網站還是政府服務網站,都是粗製濫造,不注意網絡基本建設和基本安全,對用戶不負責任,造成了這樣的情況。」
網路資料被泄密了,究竟是誰的責任?要不要追究保護與防範的責任呢?
分析人士指出,《全國人大關於維護網際網路安全的決定》等多部法規,基本上沒有釐清個人隱私及數據庫的安全權益。然而就常理來說,駭客與用戶顯然都不是網路信息安全的第一責任人。公民作為消費者接受網站服務的時候,網站對資料自然有「妥善保管」的義務,尤其是政府網站。
就在中共當局推行網路實名制的同時,「泄密」事件卻持續發酵,個人信息安全問題令人擔憂,事件已經引起大陸民眾的恐慌。
新唐人記者秦雪、周平採訪報導。
User’s Information Leaked on China’s Official Websites
Customer information has been repeatedly
leaked in China, it has recently been exposed.
Citizens’ personal data can be easily checked on websites.
Data leaks on the website of Guangdong Immigration Services
involve personal details of over 4 million applicants.
Experts say that China’s commercial and government services
websites have long been shoddily made.
Ignorance of network infrastructure and security triggers violation
of user privacy and has even caused users’ economic losses.
China’s media has reported that the official website of
Immigration Services under
Guangdong Provincial Public Security Department
was found in error with access control.
The vulnerability led ordinary users to bypass login-in for
direct access to the backstage database.
The user can not only check his personal information,
but so can other applicants.
The customer data leakage includes: name, passport number,
serial number of Exit/Entry Permit to Hong Kong and Macau,
date of birth, address and telephone contact details , etc.
An “online privacy leak disaster", as described by the media,
involves some 4.4 million “victims" .
Former general manager of Yahoo China, Xie Wen says:
“Of course the intensive users are the first to be hurt.
Especially with e-commerce, making online payment,
this is certainly a direct violation of users’ economic interests.
For those non-business websites,
there is at least a privacy risk,
and a potential danger of impostors or of fraud,
there are all sorts of possibilities."
The website’s loophole was discovered early last month.
The internet users reported it to the authorities, but it was ignored.
China’s netizens hit out at an official intention to hide the truth,
and called for a thorough probe and an explanation to the public.
Hong Kong’s Oriental Daily reported on December 30,
that apart from the Public Security Department,
several other Guangdong authorities’ websites have been
recently reported concerning security vulnerabilities.
On the official website of Social Security Fund, a policy holder’s
personal information can be easily seen by inputting ID numbers.
In September, a similar vulnerability was found on the
inquiry system of Guangzhou Local Taxation Bureau website.
By inputting ID numbers, anyone can read another users’
personal data, including details about income, work unit, and income tax ,etc..
Recently, Baidu, Net ease, Alipay (online payment service),
and other renowned websites in China have suffered hackings.
Even many online shopping websites, video websites and also
universities have not been immune.
The number of netizen victims is estimated at over 100 million,
this is known as China’s largest user information leak event in history.
Former general manager of Yahoo China, Xie Wen,
tells NTDTV that
the majority of websites have long been irresponsible where
users’ personal information security is concerned.
and work on web infrastructure is considered to be shoddy.
Former general manager of Yahoo China, Xie Wen says:
“Even until now, no matter whether it is commercial websites
or government services websites, all are shoddily made.
They don’t care about issues of web infrastructure construction
and network security, and are not responsible to their users.
That’s the reason behind the situation. “
Who is responsible for the leaking of network data?
Will the liabilities in protection and prevention be investigated?
Analysts note that many regulations in China, including the
decision of the Standing Committee of the National People’s
Congress on Preserving Computer Network Security, do not
clarify the right to safety of the individual’s privacy and that of the database.
According to common sense, hackers and users are not obviously
the first liable persons when it comes to network information security.
When a citizen uses web services as a consumer,
the website has an obligation of safekeeping data, especially for a government website.
As the CCP regime carries out the cyber real-name
regulation system, the leaking exposure continues to grow.
Personal information security has become a concern for
the population, causing widespread panic in China.
NTD reporters Qin Xue and Zhou Ping
