Tianya: the Chinese password hack that just keeps on giving

Updated happygeek 0 Tallied Votes 614 Views Share

Back in December 2011, reports were circulating regarding a data breach at one of the big Chinese social networking sites, Tianya.cn that suggested the login credentials of some 40 million users were potentially exposed. Clear text usernames and password combinations were stolen by hackers during the breach, although a Tianya spokesperson at the time said that only those users who registered before November 2009 would have had clear text logins as after that the service had implemented encryption (!) - quite why the existing membership data could not have been encrypted at this point is, frankly, beyond me. Word on the webvine at the time was that unencrypted data was not secured or deleted when the servers and systems were upgraded, and the Tianya administrators had to shoulder that failure. While the 40 million figure bandied around at the time seemed huge, later reporting suggested it wasn't that bad; 'only' 4 million users ended up having their usernames and passwords published online by the hackers for everyone to see.

Fast forward to now, and the Tianya story just keeps on giving. Steve Thomas, the co-founder of PwnedList, was interviewed recently and reckons that his outfit has managed "to find over 28 million credentials, including plaintext passwords" from that breach in 2011. The data was, according to Thomas, provided by a Chinese hacker who pointed PwnedList at a 'leak share' site including the Tianya dataset.

If you are concerned that your logins may have been compromised, you can run a quick (and free) check for mentions of your email address in the PwnedList database here. Thomas has promised a new feature coming soon that will enable searching of the breach database by username and Twitter nickname as well as email, and a new database of phishing attack victims for good measure.

53f870720379eaab937932f96225bd15

Member Avatar for LastMitch
LastMitch

Fast forward to now, and the Tianya story just keeps on giving. Steve Thomas, the co-founder of PwnedList, was interviewed recently and reckons that his outfit has managed "to find over 28 million credentials, including plaintext passwords" from that breach in 2011. The data was, according to Thomas, provided by a Chinese hacker who pointed PwnedList at a 'leak share' site including the Tianya dataset.

I hardly ever hear this company at all til now. That is very serious that is alot of members info being post like that. If Tianya is not going to fixed that issue soon then most likely Big Brother have to step in and punish Tianya and of course find the hacker which Big Brother can do because they have the power to do that.

Begginnerdev 256 Junior Poster

I am not so sure about the legitimacy of the email lookup @ pwndlist.

After typing:

a@a.a
b@b.b
c@c.c

All of the address returned N occurrences since July, 2011
All of the address had been compromised 4 months ago.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.