
Back in December 2011, reports were circulating regarding a data breach at one of the big Chinese social networking sites, Tianya.cn, that suggested the login credentials of some 40 million users were potentially exposed. Clear text usernames and password combinations were stolen by hackers during the breach, although a Tianya spokesperson at the time said that only those users who registered before November 2009 would have had clear text logins as after that the service had implemented encryption (!) - quite why the existing membership data could not have been encrypted at this point is, frankly, beyond me. Word on the webvine at the time was that unencrypted data was not secured or deleted when the servers and systems were upgraded, and the Tianya administrators had to shoulder that failure. While the 40 million figure bandied around at the time seemed huge, later reporting suggested it wasn't that bad; 'only' 4 million users ended up having their usernames and passwords published online by the hackers for everyone to see.

Fast forward to now, and the Tianya story just keeps on giving. Steve Thomas, the co-founder of PwnedList, was interviewed recently and reckons that his outfit has managed "to find over 28 million credentials, including plaintext passwords" from that breach in 2011. The data was, according to Thomas, provided by a Chinese hacker who pointed PwnedList at a 'leak share' site including the Tianya dataset.

If you are concerned that your logins may have been compromised, you can run a quick (and free) check for mentions of your email address in the PwnedList database here. Thomas has promised a new feature coming soon that will enable searching of the breach database by username and Twitter nickname as well as email, and a new database of phishing attack victims for good measure.


Edited by happygeek: unstuck

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
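The gap the article describes, accounts registered before November 2009 left in clear text after new logins were stored differently, can be closed in one pass without waiting for users to log in, because the cleartext is already on hand. The sketch below is an added example, not code from the original post or from Tianya; the row layout (`password`, `pw_hash` fields), the sample users and the choice of scrypt with these cost parameters are assumptions.

```python
import hashlib
import hmac
import secrets

N, R, P = 2**14, 8, 1  # scrypt cost parameters (assumed; tune for your hardware)

def hash_password(password: str) -> str:
    """Return a self-describing, salted scrypt record for one password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, n, r, p, salt_hex, digest_hex = record.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def migrate_legacy_rows(rows: list) -> int:
    """Hash every row that still holds cleartext, then wipe the cleartext field.

    Safe to re-run: rows that were already migrated are skipped.
    """
    migrated = 0
    for row in rows:
        if row["password"] is not None:
            row["pw_hash"] = hash_password(row["password"])
            row["password"] = None  # old backups and copies need a separate purge
            migrated += 1
    return migrated

def build_sample_rows() -> list:
    """Constructed sample data: two legacy cleartext rows, one already hashed."""
    return [
        {"user": "alice", "registered": "2008-03-14", "password": "hunter2", "pw_hash": None},
        {"user": "bob", "registered": "2009-10-30", "password": "letmein", "pw_hash": None},
        {"user": "carol", "registered": "2010-06-01", "password": None,
         "pw_hash": hash_password("correct horse")},
    ]

if __name__ == "__main__":
    rows = build_sample_rows()
    print("migrated:", migrate_legacy_rows(rows))
    print("cleartext left:", sum(r["password"] is not None for r in rows))
```
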


Fast forward to now, and the Tianya story just keeps on giving. Steve Thomas, the co-founder of PwnedList, was interviewed recently and reckons that his outfit has managed "to find over 28 million credentials, including plaintext passwords" from that breach in 2011. The data was, according to Thomas, provided by a Chinese hacker who pointed PwnedList at a 'leak share' site including the Tianya dataset.

I had hardly ever heard of this company at all until now. That is very serious; that is a lot of members' info being posted like that. If Tianya is not going to fix that issue soon, then most likely Big Brother will have to step in and punish Tianya and of course find the hacker, which Big Brother can do because they have the power to do that.


I am not so sure about the legitimacy of the email lookup @ PwnedList.

After typing:

a@a.a
b@b.b
c@c.c

All of the addresses returned N occurrences since July 2011.
All of the addresses had been compromised 4 months ago.

Edited by Begginnerdev
