1.4 billion pieces of Tencent user data stolen? In the AI era, "old data" poses new security risks
2024-08-14
한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina
Internet accounts and passwords from ten years ago are not only keys for ordinary netizens to reminisce about the past, but may also be materials for criminals to conduct data analysis.
On August 14, a hacker named "Fenice" publicly stated that he had stolen a massive database, including 1.4 billion records related to Tencent.com. The compressed data capacity was 44GB, which would reach 500GB after decompression.
Previously, Fenice stole the "National Public Data" operated by the American background investigation company Jerico Pictures and obtained 2.7 billion personal data records covering social security numbers, involving multiple countries including the United States, Canada, and the United Kingdom.
Regarding the data theft, Tencent Group (0700.HK) responded: "In the past two years, similar false information has been hyped up by overseas hackers many times, and the data caliber has continued to expand. There have been multiple versions such as 700 million, 1.2 billion, and 1.4 billion, and it has also been maliciously linked to multiple domestic Internet products. The above information is not true. It is actually pieced together and inflated by the black industry using historical data."
Tencent has had user data stolen in the past. In November 2013, the domestic security vulnerability monitoring platform Wuyun released a report saying that Tencent QQ group relationship data was leaked, and it was easy to find the data download link on Xunlei Kuaishou. Based on the QQ number, a large amount of personal privacy such as name, age, social network and even work experience can be queried.
At that time, Tencent responded that the QQ group database leak was indeed true, but the vulnerability was discovered in 2011 and was fixed in time, and does not affect the normal use of existing users.
At present, the risks involving user security mainly focus on the network security vulnerabilities that may be caused by stolen user data. Zhang Haichuan, vice president of Anheng Information, told reporters that "old data + water injection action repeated hype" refers to hackers using old user data that has been obtained before, through some artificial, false or exaggerated operations (i.e. water injection actions), to process, disseminate or use these data many times in order to attract attention, create chaos, make profits or other bad purposes. For example, hackers may tamper with old data, add false information, and then repeatedly display and disseminate these "watered" data on different occasions or platforms, causing some kind of impact or misleading the public. This behavior is usually deceptive and harmful.
Zhang Haichuan believes that one of the biggest risks of old data is that it is combined with cutting-edge technologies such as AI to analyze user portraits in order to profit from risky scenarios such as finance. This also includes user privacy leakage, identity theft, reputation damage, etc.
Tian Jiyun, a network security expert, told reporters that user data in social tools, e-commerce or financial scenarios, even historical data, will generate "value" because it involves finance, accounts, passwords, contact information, user behavior habits, etc. For example, other account passwords can be collided based on historical data, user portraits or user analysis can be done, and even AI feeding can be performed. Especially in the context of the current AI technology upgrade, the collateral impact of the loss of user data cannot be underestimated.
Tian Jiyun said that at present, simply stealing online user accounts and passwords will not bring much profit, because the public's awareness of network security has been improved. However, based on account passwords and historical data, making a simple user portrait, triggering subsequent online acquaintance telecommunications fraud, AI face-changing fraud, and fraud that induces downloading APPs, etc., still has a greater potential for criminal profit, and personal data is only a material in the subsequent fraud chain.
The reason why the subsequent links are more risky is that the upgrade of AI technology is accompanied by the synchronous upgrade of hacker technology. Zhang Haichuan said that with the upgrade of AI technology, hacker technology and actions to steal platform user data have changed significantly: First, hackers use AI to simulate and predict attacks more intelligently, and use AI algorithms to analyze the security protection mode of the target platform, so as to find more accurate attack entry points and increase the success rate of attacks. Second, AI helps hackers generate more deceptive phishing content. By learning a large number of real user communication patterns and language habits, hackers can create fraudulent information that is indistinguishable from the real thing, inducing users to actively disclose sensitive data.
In addition, hackers can use AI technology to quickly screen and analyze data. After obtaining a large amount of data, they can more efficiently extract valuable information from it, such as key data such as the user's personal identity and financial status. Fourth, AI can be used to develop automated attack tools. This allows attacks to be launched more quickly and frequently, putting greater pressure on the platform's defense. Therefore, while AI technology brings convenience to us, it is also used by hackers, making data theft more complicated and difficult to prevent.
Tian Jiyun said that as a platform, the current protection measures of platform companies have been upgraded, and large companies have many means and measures to pay attention to user data. For the loss of "old data", more risk protection is required on the user side, including regular password changes, not using the same password for multiple accounts, not authorizing accounts to log in to unfamiliar third-party platforms, and not scanning unfamiliar QR codes.
Zhang Haichuan recommends that users strengthen their passwords, be cautious about online links and attachments, pay close attention to software updates, avoid excessive exposure of personal sensitive information, enable two-factor authentication, check account activities regularly, choose reliable platforms and services, and improve security awareness.
(This article comes from China Business Network)
