Five questions "Learning"

Author: China Consumer News Time: 2022.07.01

Recently, some Weibo users reported that database information from the learning app Super Star Learning Tong was suspected of being sold publicly. The allegedly leaked data included 1727.3 billion pieces of information such as name, mobile phone number, gender, school, student number and email address, and 10.76 million passwords.

As of press time, the topic "learning" had been read more than 300 million times on Weibo.

How was the data stolen?

What is the responsibility of Super Star Learning Tong?

How should consumers protect the privacy of their personal data?

A "China Consumer Daily" reporter interviewed relevant experts.

01

How is information leaked?

It is understood that Super Star Learning Tong is an app with a very high penetration rate in universities. After the leakage incident, a large number of students said on social media and in the review sections of app stores that there had recently been signs of their own information being leaked.

"Judging from many past data leakage incidents, the cause of a corporate data leak may be either external or internal," Yao Lei, a data security expert and the deputy general manager of the data security subsidiary, told the reporter. "The attacker may use a vulnerability in the target system or a stolen privileged account to obtain the authority of the corresponding database administrator to complete the dragging behavior."

Yao Lei believes that there are two types of internal causes: the first is that improper operation by operation and maintenance personnel may cause the data to leak accidentally, and the second is an insider (an "internal ghost").

Kong Deeliang, Vice President of Qi Anxin Group and head of its innovation BG, said in an interview with the China Consumer Daily that information leakage incidents are frequent, indicating that many enterprises and institutions are in the "snacking" state. This is the current data security. The primary problem is imminent, including rumors and shortcomings, including strict control of internal transcendence or high-risk operations.

02

Will the password encryption not leak?

In this incident, Super Star Learning Tong emphasized, in response to the online rumors of a leak, that it does not store users' passwords and instead adopts one-way encrypted storage. With this technical means, even the company's internal employees (including programmers) cannot obtain the passwords, so "theoretically the user's password will not leak."

"Password storage encryption is just security protection for the storage link of the password's whole life cycle," Zheng Dongdong, CTO of Ji Dun Technology, told the "China Consumer Daily" reporter. There are many channels for password leakage, whether it is on the platform or the platform. In other links, such as password collection (that is, the password entered by the user), transmission and use, the password may be leaked if there are no corresponding protection measures.

Even if passwords can be guaranteed not to leak, there is no guarantee that other sensitive information, such as student IDs and ID cards, is not leaked. Therefore, protecting sensitive information from leakage is not just a matter of keeping passwords from leaking.

Zheng Dongdong believes that individuals can protect themselves by using and changing high-complexity passwords, avoiding unknown apps, upgrading their systems in a timely manner, installing anti-virus software and other means.

03

What is the responsibility of Super Star Learning Tong?

He Yanzhe, the director of the Institute of Information Security Research Center of China Electronic Technology Standardization Research Institute and an expert at 3.15 Information Security Laboratory, told the reporter of the China Consumer Daily: "The premise of determining the platform's responsibility is to first establish the data leakage channel."

He Yanzhe said that Super Star Learning Tong claims to have reported the matter to the police. If the police have evidence proving that there was a leak, Super Star Learning Tong violated personal information protection laws and regulations. If it does not tell users to take measures such as changing their passwords to reduce risk, it should be punished in accordance with the law.

The reporter's review of Super Star Learning Tong's user terms found that the "Other Statements" section states that the platform does not bear responsibility for problems caused by circumstances that the platform cannot predict or control (including, but not limited to, any other technology, Internet network or communication line reasons), including but not limited to security issues of user computer information and data, security issues of users' personal information, etc.

"Whether this clause is effective depends on whether the platform has fulfilled its technical security guarantee," Zhao Zhao, a lawyer at Beijing Yunjia Law Firm, told the reporter of "China Consumer Daily". "If loopholes in the Learning Tong system itself led to a hacker intrusion, the exemption clause is invalid. Learning Tong still has to bear the corresponding legal liability and compensate users for their losses."

04

Why has it not been removed from the shelves?

In the iOS app store, many users complain and raise questions in the comment area. "It takes screenshots during the exam and opens the camera, which is excessive." The prince of Zhejiang Ocean Academy told reporters that she didn't understand why software with such low scores had not been removed from the shelves. Why must software that so clearly invades student privacy be used?

After the topic was exposed, the software, which already had a very low score in the iOS app store (1.4 points out of a total of 5 points), fell to as low as 1.3 points within one day.

"Generally speaking, it will not be removed from the shelves because of a low score," He Yanzhe said. "Because the score is a subjective will, there are also malicious low scores. Measures. But this score of Super Star Learning Tong is enough to remind the user that this software is not very good, so you need to be more vigilant when downloading." The app was pushed by a certain department in some scenarios. It is required that students must download the app in teaching and examinations, and this app scores low. The security measures are not done well. The security control of this app.

05

Is it suspected of collecting personal information beyond the necessary scope?

The reporter learned from the relevant clauses of Super Star Learning Tong that, when providing services, it may collect, store and use the user's mobile phone number, personal name, login account, location permissions, camera-based additional functions, picture-upload-based additional functions, voice-technology additional functions, WLAN status viewing, SD card reading, phone call status monitoring, floating window permissions, Bluetooth permissions, Get Tasks permissions, equipment information, software information, etc.

Is this suspected of over-collecting personal information? "As to what personal information the user needs to provide when registering, the platform has fulfilled the obligation to inform and obtained the user's consent." Zhao Zhao said that in this case, the key to whether the platform excessively collects personal information is "whether it violates the necessity principle." Evaluating whether the platform's collection of personal information is necessary requires analysis in combination with the specific product, that is, "if users do not provide the most basic information, the platform cannot provide them with the corresponding services." For example, shopping software should collect information such as user names, collect numbers.

Produced by Chinese Consumer Newspaper New Media Editorial Department

Source/China Consumer News · China Consumer Network

Reporter/Wu Xiaoli

Edit/Pei Ying
