Zhao Wen of The Shanghai Daily reports that a suspect has been detained in the CSDN breach that made headlines in December:
The suspect surnamed Zeng was held in Wenzhou, eastern Zhejiang Province on February 4 after Beijing police opened an investigation into the case on December 22, the paper said.
The leak, considered the biggest in China’s Internet history, occurred on December 21 when the personal information of more than 6 million users of the China Software Developer Network (CSDN) was exposed on the Internet for free downloading.
Read more on The Shanghai Daily.
In January, The China Daily had reported that a 19-year-old jobless man surnamed Xu was had faked a large-scale leak of personal data just to “show-off.” It’s not clear from the current news report whether there is any connection between Xu and the suspect who was detained last month.
While the leak occurred in December 2011, the hack reportedly occurred in April 2010, raising the question as to when the police and CSDN first knew that the database had been hacked.
Zeng caught police’s attention because he claimed in an online post in September 2010 that he gained command of the CSDN database and wanted to cooperate with the website, it was reported.
He admitted to hacking into the CSDN server in April 2010 through a system loophole and sneaking into an online recharge platform and a stock brokerage system.
So the police became interested in September 2010 and CSDN says that their system has been secure since September 2010. Did they actually confirm the April 2010 hack at that time? If so, that raises the question as to why there was no disclosure at that time.
CSDN has not yet issued any statement that I’ve been able to find in English in response to the detention or clarifying when they first knew of the hack. If any readers can find more information, please use the Comments section below to share it.
CRIEnglish.com notes that five suspects were arrested on March 20, so I expect we’ll see more coverage soon.