Taobao Exposes Major Vulnerabilities To Hackers

< p > yesterday, Taobao exposed a major loophole. Hackers can log on to Taobao account by search engine without password, and get sensitive user information such as account balance, paction record, receipt address, name, cell phone number and so on.

At present, although Taobao official responded that the vulnerability has been repaired, and that it did not cause any user capital risks and losses.

However, netizens are still worried that this vulnerability will pose a serious threat to account privacy and cause another round of "open door information leakage" and trigger a new round of network fraud.

< /p >

< p > < img border= "0" align= "center" alt= "" src= "/uploadimages/201402/19/20140219060621_sj.JPG" / "> /p >

< p > yesterday afternoon, < a href= "http://www.91se91.com/news/index_c.asp" > Internet < /a > security issue publishing platform cloud cloud vulnerability reporting platform released two messages: "no password can be logged on Taobao, Alipay account", "Taobao certification flaw can lead to Taobao and Alipay account".

According to the information sent out by the dark clouds, the problem is design defect or logic error, and the hazard level is "high".

< /p >

< p > for this reason, Taobao responded on the same day. This is a short time loophole caused by the recent business rules. It has completed the repair for the first time. At the same time, it confirms that no user has caused any capital risk and loss.

However, users are still worried that personal information has been leaked, causing security risks to themselves, and attracting more online fraud such as phishing websites.

< /p >

< p > Baidu security experts believe that the two a href= "http://www.91se91.com/news/index_c.asp" > Taobao < /a > vulnerabilities exposed this time pose a threat to the user's account privacy and security. Through browser or other paths, we can browse the account information of user's paction records, but there will be no right to operate accounts.

< /p >

< p >, meanwhile, Baidu security experts remind a href= "http://www.91se91.com/news/index_c.asp" > online shopping < /a > users: using paction records to disguise as Taobao sellers for so-called replacement service fraud is already a common network frauds. This Taobao flaw does not exclude ulterior motives of illegal criminals, collects user paction information, and forges Taobao's return page for network fraud, especially for Taobao users who have just had pactions. If there is a reminder to return goods and give links and other information, we must pay attention to screening.

< /p >

< p > it is understood that the use of phishing sites and other means of fraud is already the main way for criminals to carry out Internet fraud, and the "Taobao vulnerability" incident also provides an opportunity for these people. It is suggested that users should pay attention to Taobao when shopping.

In addition, it is better to install Baidu's anti-virus and other security software with "web site identification and protection" function, and automatically intercept false, fraudulent, and hanging web sites.

< /p >