Recently there was another big story in security circles. A Weibo user named @secur_Yunshu posted: “Many people’s mobile phone numbers have been leaked, and you can look them up from their Weibo account… Someone has already found my phone number through the Weibo leak and added me on WeChat.”

It is also said that the mobile phone number of Weibo’s own CEO was leaked! (The CEO’s Weibo handle is @come and go, known as “Laizong”.)

The matter blew up so much that my girlfriend, who scrolls Weibo a lot, heard about it too and came to ask me:

The CEO of Weibo, @Lailai, reposted the story on Weibo, saying that it was “the data from the netease crash before 2014”.

Hit library (credential stuffing)

A “hit library” (credential stuffing) attack works from a dictionary that attackers build by collecting leaked usernames and passwords from across the Internet. By trying those pairs against other websites in batches, they end up with a list of accounts that can actually be logged into.

Many users reuse the same username and password on different websites, so an attacker who obtains a user’s credentials from website A can try them on website B; that is what a hit-library attack amounts to.

Put simply: a thief burgles one house, steals a set of keys, and then goes door to door through the whole neighbourhood trying those keys in every lock. That is the “collision”.

According to Weibo’s official explanation, the leaked data came from this: “At the end of 2018, users were able to match the nicknames of millions of accounts by uploading address books containing batches of mobile phone numbers through the relevant interface of Weibo.”

This is indeed a form of hit-library attack: take a prepared batch of phone numbers and use Weibo’s interface to match each one to its corresponding Weibo account.

In other words, because Weibo’s own interface was not secure enough at the time, the data was harvested by hit-library style matching. Although the security policy was tightened promptly, a large amount of data had already been exposed.
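Both abuses described above (trying leaked credentials in bulk against a login, and feeding a prepared list of phone numbers through a contact-matching interface) share one detectable trait: a single client pushes far more distinct identifiers through an endpoint than a person ever would. The detector below is an added example, not Weibo’s own code; the log format, the thresholds and every sample value in it are constructed assumptions.

```python
"""Flag clients that push many distinct identifiers (phone numbers, usernames)
through a matching or login endpoint in a short window. Log format,
thresholds and all sample values are assumptions, not real Weibo data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): time, client IP, endpoint, identifier, outcome.
SAMPLE_LOG = """\
2018-12-01T10:00:00 203.0.113.7 contacts/match +8613800000001 hit
2018-12-01T10:00:01 203.0.113.7 contacts/match +8613800000002 miss
2018-12-01T10:00:02 203.0.113.7 contacts/match +8613800000003 hit
2018-12-01T10:00:03 203.0.113.7 contacts/match +8613800000004 hit
2018-12-01T10:00:04 203.0.113.7 contacts/match +8613800000005 hit
2018-12-01T10:00:10 198.51.100.2 login alice fail
2018-12-01T10:00:11 198.51.100.2 login bob fail
2018-12-01T10:00:12 198.51.100.2 login carol ok
2018-12-01T10:00:13 198.51.100.2 login dave fail
2018-12-01T10:00:14 198.51.100.2 login erin fail
2018-12-01T10:05:00 192.0.2.9 contacts/match +8613800000006 hit
2018-12-01T10:05:30 192.0.2.9 contacts/match +8613800000007 miss
2018-12-01T11:00:00 192.0.2.9 login gina ok
"""

def parse_log(text):
    # Each line becomes (timestamp, client, endpoint, identifier, outcome).
    records = []
    for line in text.splitlines():
        ts, client, endpoint, ident, outcome = line.split()
        records.append((datetime.fromisoformat(ts), client, endpoint, ident, outcome))
    return records

def detect_enumeration(records, window=timedelta(minutes=5), max_distinct=4):
    """Return {(client, endpoint): peak distinct identifiers} for every client that
    sent more than max_distinct different identifiers to one endpoint inside `window`."""
    by_key = defaultdict(list)
    for ts, client, endpoint, ident, _ in records:
        by_key[(client, endpoint)].append((ts, ident))
    alerts = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window: drop events older than `window`
            distinct = len({ident for _, ident in events[start:end + 1]})
            if distinct > max_distinct:  # a person reuses a few identifiers; a list does not
                alerts[key] = max(distinct, alerts.get(key, 0))
    return alerts
```

The benign client 192.0.2.9 stays below the threshold on both endpoints, while the two scripted clients are flagged regardless of how many of their lookups or logins succeeded.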

Leaking

“Leakage” refers to data exposed through an enterprise’s own shortcomings.

Typically the enterprise has not followed a unified, standardised process when building its services: critical data is not isolated, permissions are not tiered, and stored data is not encrypted.

Drag the library (database dumping)

“Dragging the library” was originally a database term for exporting data from a database. Nowadays it refers to a website’s database being stolen by attackers after the site has been compromised.

The process of stealing a database by technical means is called dragging the library. It is the thief actually taking things.

The usual steps of “dragging the library” are:

1. The attacker scans the target website for vulnerabilities such as SQL injection and unrestricted file upload. (The thief scouts the house.)

2. Through the vulnerability, a “webshell” is planted on the web server, and that back door is used to gain operating-system level access. (The thief gets into the house.)

3. With system access, the attacker directly downloads a database backup, or finds the database connection details and exports the database locally. (The thief takes the valuables.)

Before a thief can steal anything he has to get in; on the Internet, attackers generally get in through flaws in the website itself.

The most common form of website intrusion is exploiting a vulnerability in the site. “Website vulnerability” here covers flaws in the web application itself, in the web server it runs on, in the open-source frameworks it uses, and in the database behind it.

For example, an application that does not defend against SQL injection, or that has a file upload vulnerability, is very likely to be broken into.

Attackers may also exploit system vulnerabilities to plant drive-by malware on particular websites (“hanging a horse”). If a website administrator carelessly visits such a site while maintaining the system, the administrator’s machine can be infected with a Trojan, which likewise opens the way to a later database theft.

Wash the library (monetising the stolen data)

“Library washing” is the stage of an intrusion in which the attacker, having broken into the site, uses technical means to sort and analyse the stolen user data for what is valuable and sells it for cash.

To put it simply: after breaking into a house and taking a lot of stuff, the thief sorts the loot and fences it.

For example, 538 million records of Weibo user information were offered for sale on the dark web, of which 172 million included basic account information, for 0.177 bitcoin. That is washing the library.

The account information involved in this sale includes the user ID, the number of posts the account has published, follower count, following count, gender, location and so on. Some users on Telegram have, through such transactions, bought the binding information of their own Weibo accounts, including account ID, password and mobile phone number.