Author Topic: Well, the 163 email leaked the password and other thing  (Read 6100 times)

Offline BenYeeHua

  • Member#
  • *****
  • Posts: 2232
  • Gender: Male
Well, the 163 email leaked the password and other thing
« on: October 19, 2015, 03:20:29 PM »
Change your 163 password, if you has register this 163 email with same password, then remember to change your password on other website.
And well, I guess you want to switch over to other email too, as it don't taking care its' security....

Also, if you has used this email to register other website, then...
Change your email address if you can, enable 2-Step Verification, if it can't be changed, then don't use it's services, as email should be available to change, but not as a ID. :P

I also tried to login my account(which is someone register for me, and not I want it, so...), and found that, it is not using any SSL, even the login form is written as SSL protected, but the whole website are not using SSL, even if you type https into the address, the other resource are still loading over http, you can't login it, and when you try to login, the browser will pop up saying that, it is sent over http. ::)

Sorry for posting Chinese website, but it is not reported by any other English news report yet, so please use Google translate or any other translator. :)
http://www.wooyun.org/bugs/wooyun-2015-0147763
http://www.cnbeta.com/articles/439999.htm

And here is some example that leaked, you can see the MD5 password, the birthday, register IP, security question and answer, and also the email.
http://pastebin.com/NHCXEfMH

If you want me to recommend any email services, I will said MS account(A.K.A. Hotmail) with Gmail as backup/recovery email is a good choose, it will lock your account when there are any login from other country than your country that are strange, and you can use the backup/recovery email, phone number to verify the identity.
You can also use the Phone number to sent yourself a sms code to temporary login into the email, so that even the computer is compromised, your password is still safe(even it is not a good choose to not changing the password after login a compromised computer)

And I saw a lot of people has login their Gmail into the Chrome browser, and being used by a lot of people, so it is not a good choose to use Gmail for this reason.(will tell the story later, and I think no one will trying to login their MS account into Win 10....)  ;)
« Last Edit: October 19, 2015, 09:04:43 PM by BenYeeHua »