DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hacker, suspected of 6 million user CSDN info leak, detained

Posted on March 21, 2012 by Dissent

Zhao Wen of The Shanghai Daily reports that a suspect has been detained in the CSDN breach that made headlines in December:

The suspect surnamed Zeng was held in Wenzhou, eastern Zhejiang Province on February 4 after Beijing police opened an investigation into the case on December 22, the paper said.

The leak, considered the biggest in China’s Internet history, occurred on December 21 when the personal information of more than 6 million users of the China Software Developer Network (CSDN) was exposed on the Internet for free downloading.

Read more on The Shanghai Daily.

In January, The China Daily had reported that a 19-year-old jobless man surnamed Xu was had faked a large-scale leak of personal data just to “show-off.” It’s not clear from the current news report whether there is any connection between Xu and the suspect who was detained last month.

While the leak occurred in December 2011, the hack reportedly occurred in April 2010, raising the question as to when the police and CSDN first knew that the database had been hacked.

Zeng caught police’s attention because he claimed in an online post in September 2010 that he gained command of the CSDN database and wanted to cooperate with the website, it was reported.

He admitted to hacking into the CSDN server in April 2010 through a system loophole and sneaking into an online recharge platform and a stock brokerage system.

So the police became interested in September 2010 and CSDN says that their system has been secure since September 2010. Did they actually confirm the April 2010 hack at that time? If so, that raises the question as to why there was no disclosure at that time.

CSDN has not yet issued any statement that I’ve been able to find in English in response to the detention or clarifying when they first knew of the hack. If any readers can find more information, please use the Comments section below to share it.

CRIEnglish.com notes that five suspects were arrested on March 20, so I expect we’ll see more coverage soon.

Related posts:

  • 45 Chinese websites hacked and defaced for free tibet by #anonymous
  • 50 busted in Shanghai for stealing and selling personal info (updated)
  • Cn: CSDN “hack” was an insider leak, and many other reported “hacks” were fabricated leaks – authorities
Category: Breach IncidentsBusiness SectorExposureHackNon-U.S.

Post navigation

← Ph: Senate approves Data Privacy Act on 3rd reading
Cn: Dangdang Freezes Accounts After Hacking Incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.