Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Due to loopholes in the security system, "Southeast Asia Xianyu" Carousell leaked more than 320000 Hong Kong users' data.

2024-05-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)12/24 Report--

Thanks to CTOnews.com netizen RTC for the clue delivery! CTOnews.com news on December 21, according to "Hong Kong 01" reported that the office of the Privacy Commissioner for personal data in Hong Kong today released two investigation reports, in one of which, the online trading platform Carousell (CTOnews.com Note: also known as "rotary auction"), an online trading platform known by the industry as "Southeast Asian idle fish", was accessed without permission, resulting in the leakage of personal data of 2.6 million Carousell around the world. This includes the personal data of more than 320000 users in Hong Kong.

The Office of the Privacy Commissioner of ▲ Touyuan Carousell has investigated the matter, and Carousell has previously informed the Office of the data leakage: an online forum claimed that "the personal data of 2.6 million Carousell users can be sold", including personal data of 324000 accounts in Hong Kong. Carousell said the accident was caused by a security loophole that occurred during the system migration in January last year.

Privacy Commissioner Zhong Liling pointed out that the accident was caused by the lack of different aspects of Carousell. Including not limited to the following aspects:

Privacy impact assessment is not performed prior to system migration

The code review procedure is not comprehensive

Lack of security assessment related to system migration

Lack of written policies related to code review procedures

Lack of effective detection measures

It is not ensured that effective measures have been taken to detect abnormal activity.

The Office of the Privacy Commissioner pointed out that it was very disappointing that Carousell had made a "fundamental" mistake in protecting the security of personal data held by its group. If general risk and safety assessments and related measures had been implemented, the related incidents could have been avoided.

Earlier this month, Apple, in conjunction with researchers at the Massachusetts Institute of Technology, released a report entitled "continuing threats to personal data: key factors behind growth in 2023," which showed that personal information leaks hit a record high in 2023, CTOnews.com reported.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report