Cn: SQL Injection Attack Exposes Sina Passwords
China’s SINA Corp has fixed a vulnerability in one of its websites that allowed unauthorised access to microblogging usernames and passwords, a Chinese web security blog reported.
Sina’s question-and-answer website, iask.sina.com.cn, was revealed to have a security loophole that made it easy to uncover Weibo account passwords and usernames, Youxia security blog reported late on Wednesday (http://www.youxia.org/2012/01/2012-SINA-weibo-user-password-lose.html).
Youxia said the loophole had been reported to Sina and the vulnerability was fixed.
Sina said up to 300,000 accounts could have been affected by the security flaw and urged users to change their account settings.
Read more on Guardian.
As Marbridge Consulting notes, though:
While Sina has already closed the security breach, Youxia pointed out that following user data leaks at online communities CSDN.net and Tianya, Sina claimed passwords were encrypted in their database, but the exploit has proven that the majority of passwords are saved in plain text.
Read more on Marbridge Consulting.