A file photo shows a screenshot of the webpage of 12306.cn on Dec 28, 2013. [Photo/IC]
|
Over 140,000 personal ID numbers, e-mail addresses and phone numbers of train ticket buyers have been leaked online for sale, Tencent technology reported on Thursday.
According to Tencent's report, a webpage published on WooYun.org, an Chinese online platform sharing information about system security vulnerabilities and a gathering place for hackers, released the news.
Real-name registration is required to use the official ticket-selling website, 12306.cn.
An official statement has been posted on 12306.cn later after news of the security breach went viral on Sina Weibo, China's twitter-liked microblog.
According to the statement by 12306.cn, the personal information "leaked" online contains plain text passwords, which are not used by the site.
"All our users' passcodes are muti-encrypted with non-plaintext passwords. The information released online is believed to be from third party websites or channels," said the statement.
The statement also indicated that police are now investigating the case.
So far, China Academy of Railway Sciences, who operates the site and China's national Computer Network Emergency Response Technical Team and Coordination Center have not responded publically on the matter.