on May 14, hunting cloud network news
well-known security platform clouds today released a major vulnerability information, millet BBS is take off pants, lead to a lot of user data leakage, clouds, leakage, or will affect the millet mobile cloud and other sensitive information. then millet official confirmed the news, said parts before August 2012 registered BBS account was illegally obtained information.
yesterday night, have a sina weibo user authentication exposes suspected leak the news, said there were 8 million data leakage.
after the millet BBS information leakage have been victims in the complaint. Users in millet BBS post said information leakage. Even the user released the recording evidence.
the clouds after exposure, millet official announcement, said there are some in August 2012, registered BBS account before the illegal access to information, said in August 2012, after the registration of millet in the event of user profile completely unaffected. “Prior to the announcement of the globe, we haven’t found the flow of visible changes and complaint report.”
the following official announcement for millet:
respect of millet user:
on May 13, 2014, we received part of the early millet BBS account information may be leaked the news, the first time made a comprehensive safety inspection.
as, there are some until August 2012 registered BBS account was illegally obtained information.
for the incident brings to the users, we apologize.
this part of the account information after strict encryption (independent Salt one-way hash value), and many users change passwords already in recent years, actually only a small fraction of possible risks. Prior to the announcement of the globe, we have not yet found the flow of visible changes and complaint report.
confirmed, in August 2012, after the registration of millet in the event of user profile completely unaffected; For registered millet BBS account before then, and after the August 2012 unmodified user password, for security reasons, we will via SMS, email, etc way prompt the change the password as soon as possible. A small number of accounts for the possible risk, we will ask the change the password immediately, modify the password way to https://account.xiaomi.com.
in the beginning, our BBS and attachment of BBS account system is used by a third party source program. In August 2012, based on safety considerations, the old system no longer use BBS account, millet will all services (including millet cloud services, m COINS, etc.) to switch to the new account security system, using the latest industry safety practices, and all data is stored for the most stringent security encryption.
user accounts and privacy security is millet emphasizes the priority, we have always held the cautious attitude, spare no effort to improve security measures, including long-distance login early warning, security token to log in. User login using the important service center (m currency, millet cloud services, etc.), will also get safety tips on the mobile end push.
we will pay close attention to the dynamic security events and user feedback, continue to follow up and notice.
millet security center
on May 14, 2014