Dangdang Frozen Accounts Were Alleged To Be Misjudged By &Nbsp; 3 Days Only 6 Users Were Abnormal.

In March 23rd, Liang Jianpeng, senior director of Dangdang operation, was surprised to find that in the 74 hours from 22 to 22 at 24 on the evening of 19, only 6 of the users who had frozen accounts were abnormal.

Another data made Liang Jianpeng more curious.

On the 19 day, Dangdang sent SMS and mail to users who had balances and gift cards in about 500 thousand accounts.

According to their own vision, at least 80% of the customers will modify their passwords.

But in fact, the data in these three days show that less than 5% of users have changed their passwords.

Clue

Dangdang users

According to Liang Jianpeng, director of Dangdang customer service center, there were several sporadic user complaints in February, claiming that his password was invalid or could not be registered.

Dangdang has formulated several targeted measures to help users get back to normal use.

However, due to the theft of CSDN accounts for two months, most of the users of the two websites did not have a high degree of coincidence, and CSDN was a large-scale user leaked. At that time, Dangdang was just a few users who had an anomaly. Therefore Dangdang did not dare to conclude that the user account anomaly was related to the CSDN incident.

After that, it was quite "quiet", and almost nothing happened in the first week of March.

But in the second week of March, many users suddenly complained about their accounts. They could not log in, the amount was wrong, or there were strange orders. Sometimes there were twenty or thirty complaints phone calls a day.

Dangdang's customer service and technicians have realized that things are not so simple, and the situation is much more serious than imagined.

On the first hand, they reported to the CEO Li Guoqing, Dangdang's big manager, when they intensified their research on the countermeasures.

Freezing the balance and gift cards in all user accounts is a decision made at a multisectoral meeting convened by CEO Li Guoqing in Dangdang on the morning of 19. The emergency meeting attended by seven responsible persons from the customer service center, the technical department, the Ministry of justice and the operation Department was actually held two times in the morning and afternoon. The morning meeting was made by Li Guoqing personally, and decided to freeze all accounts with gift cards and balances, notify all users to change the password through the way of SMS and e-mail, and compensate all the users' losses, and report to the public security organs.

On the afternoon of 19, Li Guoqing held a meeting again to summarize the implementation of the decisions, and immediately set out the improvement of the payment process.

The data that Li Guoqing sees is that from mid February to March 19th, before the freezing of user accounts, there were 197 abnormal accounts, and the amount of loss accounts ranged from tens to hundreds, with only a very large number of accounts.

Li Guoqing thinks that although Dangdang does not need full responsibility in the legal sense, Dangdang can not live up to the trust of users, even if it is millions of dollars.

Li Guoqing hopes to make most users update their passwords in three days.

The reason why he has so much determination and cost to freeze all funds and gift card accounts may be that Chinese users attach importance to the security of passwords as easily as the color of A4 paper.

Weak password

According to Dangdang's judgment, some lawless elements have stolen the user's account and password to operate.

In fact, it is easy for some people who are slightly skilled in technology. Now many users use the same account name and password on different websites, leaving criminals with the opportunity to steal.

The 360 security center, the largest network security manufacturer in China, has issued a "password safety guide" at the end of 2011. According to the domestic popular password cracking dictionary software break list, the 25 most commonly used "weak ciphers" of Chinese netizens are summarized and summarized.

According to the information provided by 360 security experts to this newspaper, the TOP25 commonly used by Chinese netizens "

The simple combination of numbers seems to be the most popular Chinese Internet users, accounting for nearly half of the list.

For example, the lucky number of "666666" and "888888" is almost an essential part of all Chinese hacker password dictionaries, and "5201314" (I love you for life) is obviously strongly sentimental by Chinese people, and is a weak password for Chinese characteristics.

If the system account or other network account uses the above "weak password", it is easy for hackers to use the password dictionary automatically "Mongolia", resulting in personal privacy information leakage or even property loss.

Li Guoqing tried to freeze accounts in these three days, so that 80% of Dangdang users would set up a high strength password for their accounts.

However, three days later, 6 users reported abnormal accounts and less than 5% of users changed their passwords.

What is the reason why customers do not care about the property in their accounts?

Perhaps it is because the amount of money in the account is relatively small, perhaps because some users have not received the news that the Dangdang account may be stolen. Perhaps it is because the gift card does not cost much time. Maybe the reason why they do not care is precisely a reason why Dangdang employees do not want to believe, but the possibility is very high because of Li Guoqing's "full compensation" commitment.

If you lose it or lose it, why bother to change the password again?