Personal information of 5 million passengers have been compromised. This through the online ticket reservation platform 12306.
It didn’t take long for a significant data leak to occur in 2019. This time, it occurred in China. According to reports, an estimated 5 million train passengers have had their personal information sold on the dark web. This after China Railway’s online ticket platform 12306 suffered a data breach. From TechNode:
Data thieves stole the personal information of nearly 5 million people from an unconfirmed number of Chinese online ticket reservation platforms, according to Beijing police, who arrested a suspect in the case.
According to media reports, China Railway’s (CR) official online booking platform 12306 suffered a massive data breach, with information later being sold on the dark web. Compromised data reportedly included names, ID numbers, and passwords.
CR later denied the claims in a Weibo post, saying no users’ information was hacked. However, it warned passengers to avoid booking their tickets on unauthorized third-party platforms.
12306 is one of the world’s busiest websites during the first few months of the year, as millions of people buy tickets ahead of returning home to reunite with their families in celebration of the Spring Festival holiday. CR estimates more than 400 million passengers will travel on its trains over a 40-day peak period between January and March this year.
This latest security incident might suggest January could be yet another bumpy one in the world of security. Last month, Google suffered a 52 million user data leak on its Google+ platform. Earlier on, Bethesda suffered a data leak of it’s Fallout 76 game where help tickets were exposed. Even earlier back, Quora suffered a 100 million account data breach.
While data breaches and leaks back in December make this look like a small one by comparison, it is still a significant one. November and December just happened to be particularly bad for massive breaches and leaks.
While an arrest was made in the incident, if the information was actually sold to another party, the fallout will likely continue even after the perpetrator has been caught.