China arrests suspect in data breach affecting six million CSDN subscribers

The suspect, identified only by his last name of Zeng, is being held in Wenzhou, according to a report by Shanghai Daily.

The leak occurred in December when the personal information of more than six million CSDN users was exposed on the Internet for free downloading.

Beijing police said the leaked information contained user IDs, passwords, and e-mail addresses in clear text. The leak had effects on other websites, including online shopping, gaming, social networking, and financial service websites, the newspaper said.

Zeng caught police's attention because he claimed in an online post in September 2010 that he gained command of the CSDN database and wanted to cooperate with the website. He admitted to hacking into the CSDN server in April 2010 through a system loophole.

During the investigation, police uncovered four other hackers, and investigation into their illegal activities is still ongoing, the paper said.

After the breach, Beijing police levied an administrative punishment on CSDN for not securing its database. CSDN apologized to its subscribers, according to the report.

What’s Hot on Infosecurity Magazine?