【新唐人2011年12月31日讯】大陆网站客户信息,近期一再传出遭到泄露,民众的个人资料在网上一览无遗。29号又有爆料,广东省公安厅“出入境政务服务网”的网上申请数据被泄漏,超过400万名大陆民众的个人资料外泄。专家指出,长期以来,大陆的商业网站,甚至政府网站粗制滥造,不注重网路基本建设及安全,才造成用户隐私遭到侵犯,甚至造成用户经济利益的损失。
大陆媒体报导,广东省公安厅属下的“出入境政务服务网”,因为网上申请的权限功能错误开放,导致普通用户可以绕过登录环节,直接访问后台查看数据。网民除了可以在不用登入的情况下查看个人资料,还能看到其他申请人的资料。这些大量外泄的资料包括申请者的姓名、护照号码、港澳通行证号码、出生年月、联络地址及电话等。
媒体形容这是一场“网上隐私泄密大灾难”,有440万人“受害”。
前雅虎中国总经理谢文:“当然首先受害的是广大的用户,尤其是电子商务,网络支付这样的,那肯定直接侵犯用户的经济利益。那些其他的非商务的,至少是隐私,或者是会不会出现冒名顶替?会不会诈骗?各种可能性都是有的。”
上个月,已经有网民发现这个网站存在漏洞,并且向当局举报,但当局一直没有理会。大陆网民批评,政府意图隐瞒真相。网民要求当局严查,还公众一个交代。
另外,香港《东方日报》30号在报导中说,广东省政府除了公安厅外,多个网站最近也遭投诉,出现安全漏洞。有市民表示,只需要身份证号码,就可以在“社保基金网站”看到投保人的个人资料﹔广州市地税局的网络查询系统今年9月也出现类似漏洞,网民只用身份证号码,就可以轻易查到对方个人收入、工作单位、所得税记录等资料。
大陆多个知名网站近期遭黑客入侵,包括百度、网易、以及不少港人惯用的网购付款服务“支付宝”,甚至多个网购和视频网站以及多所大学的网站等。受害网民估计超过一亿人,被称为大陆互联网史上最大规模用户讯息泄露事件。
对于近乎门户大开的网站,前雅虎中国总经理谢文向《新唐人》表示,长期以来多数网站不负责任,不注重用户的个人信息安全,对网站的基本建设粗制滥造。
前雅虎中国总经理谢文:“就是过去包括现在,无论是商业网站还是政府服务网站,都是粗制滥造,不注意网络基本建设和基本安全,对用户不负责任,造成了这样的情况。”
网路资料被泄密了,究竟是谁的责任?要不要追究保护与防范的责任呢?
分析人士指出,《全国人大关于维护网际网路安全的决定》等多部法规,基本上没有厘清个人隐私及数据库的安全权益。然而就常理来说,骇客与用户显然都不是网路信息安全的第一责任人。公民作为消费者接受网站服务的时候,网站对资料自然有“妥善保管”的义务,尤其是政府网站。
就在中共当局推行网路实名制的同时,“泄密”事件却持续发酵,个人信息安全问题令人担忧,事件已经引起大陆民众的恐慌。
新唐人记者秦雪、周平采访报导。
User’s Information Leaked on China’s Official Websites
Customer information has been repeatedly
leaked in China, it has recently been exposed.
Citizens’ personal data can be easily checked on websites.
Data leaks on the website of Guangdong Immigration Services
involve personal details of over 4 million applicants.
Experts say that China’s commercial and government services
websites have long been shoddily made.
Ignorance of network infrastructure and security triggers violation
of user privacy and has even caused users’ economic losses.
China’s media has reported that the official website of
Immigration Services under
Guangdong Provincial Public Security Department
was found in error with access control.
The vulnerability led ordinary users to bypass login-in for
direct access to the backstage database.
The user can not only check his personal information,
but so can other applicants.
The customer data leakage includes: name, passport number,
serial number of Exit/Entry Permit to Hong Kong and Macau,
date of birth, address and telephone contact details , etc.
An “online privacy leak disaster", as described by the media,
involves some 4.4 million “victims" .
Former general manager of Yahoo China, Xie Wen says:
“Of course the intensive users are the first to be hurt.
Especially with e-commerce, making online payment,
this is certainly a direct violation of users’ economic interests.
For those non-business websites,
there is at least a privacy risk,
and a potential danger of impostors or of fraud,
there are all sorts of possibilities."
The website’s loophole was discovered early last month.
The internet users reported it to the authorities, but it was ignored.
China’s netizens hit out at an official intention to hide the truth,
and called for a thorough probe and an explanation to the public.
Hong Kong’s Oriental Daily reported on December 30,
that apart from the Public Security Department,
several other Guangdong authorities’ websites have been
recently reported concerning security vulnerabilities.
On the official website of Social Security Fund, a policy holder’s
personal information can be easily seen by inputting ID numbers.
In September, a similar vulnerability was found on the
inquiry system of Guangzhou Local Taxation Bureau website.
By inputting ID numbers, anyone can read another users’
personal data, including details about income, work unit, and income tax ,etc..
Recently, Baidu, Net ease, Alipay (online payment service),
and other renowned websites in China have suffered hackings.
Even many online shopping websites, video websites and also
universities have not been immune.
The number of netizen victims is estimated at over 100 million,
this is known as China’s largest user information leak event in history.
Former general manager of Yahoo China, Xie Wen,
tells NTDTV that
the majority of websites have long been irresponsible where
users’ personal information security is concerned.
and work on web infrastructure is considered to be shoddy.
Former general manager of Yahoo China, Xie Wen says:
“Even until now, no matter whether it is commercial websites
or government services websites, all are shoddily made.
They don’t care about issues of web infrastructure construction
and network security, and are not responsible to their users.
That’s the reason behind the situation. “
Who is responsible for the leaking of network data?
Will the liabilities in protection and prevention be investigated?
Analysts note that many regulations in China, including the
decision of the Standing Committee of the National People’s
Congress on Preserving Computer Network Security, do not
clarify the right to safety of the individual’s privacy and that of the database.
According to common sense, hackers and users are not obviously
the first liable persons when it comes to network information security.
When a citizen uses web services as a consumer,
the website has an obligation of safekeeping data, especially for a government website.
As the CCP regime carries out the cyber real-name
regulation system, the leaking exposure continues to grow.
Personal information security has become a concern for
the population, causing widespread panic in China.
NTD reporters Qin Xue and Zhou Ping
