Gotcha! Chinese Railway E-Ticketing Site Compromised

Old Trains

And just to be sure everyone’s at home during that all-important family get-together over Spring Festival…

Bad news all around lately, sadly, if you’re buying a train ticket online: Not only are tickets on a disappearing act (disappearing literally seconds after they go on sale online), but scarier still, hackers now know your user name, password, and ID numbers on the site, which is the official e-ticketing site for China Railways.

Just around Christmas, hackers managed to grasp hold of a large amount of data — with sensitive, personally identifying details. These included the user names, passwords, and personal ID data of a large number of users — most likely those who used third-party tools to get tickets. Particularly targeted were those who used third-party apps and extensions to literally “snatch” tickets shortly after they went on sale — in an attempt to grab a ticket to head back home.

These problems are a particular thorn to users who were using the exact same passwords for their e-ticketing accounts as they were for their email addresses. Complete with ID numbers, con artists could have simply hacked their email, went after their bank account, and claimed debt to in essence ruin a citizen — all by using illegally-obtained personally identifying information.

The railways seem to have reacted by offering to assist those hit, and to suggest that users make use of different passwords on different sites. It has also blocked the purchase of train tickets with conflicting schedules — so you cannot buy an extra ticket for two trains that leave only minutes apart from one other, even if you wanted to return one ticket for refunds. The police and Internet emergency authorities have been called in to deal with this mess, and if there’s any good news, the only such news left is that users who were using the regular without resorting to third-party tools weren’t affected.

You may also like...