There are traces that show the personal information of about 60,000 people was used to log into online shopping sites, the MPD said.
As a Chinese fraud group is suspected of having obtained the data unlawfully for shopping and other purposes, the MPD is investigating whether the unauthorized access has caused damage while urging users to take precautions such as by changing passwords.
The volume of personal information stolen online in this case is one of the largest ever seen in the nation. The MPD said that the information relating to the 60,000 individuals was data held by three companies.
The Yomiuri Shimbun has learned that two of the firms are major online shopping mall operator Rakuten, Inc. and LINE Corp., which operates a free call and messaging app.
According to the MPD, the IDs and passwords were stored on the computer servers of Sun Techno, a proxy server operator in Toshima Ward, Tokyo. The police raided the company's office in November.
About 7.85 million IDs and passwords registered as membership details on Japanese sites were stored separately in 150 files.
If it is assumed that there are no users in common between the sites, the information for about 5.06 million individual users can be considered to have been affected. Some of the data includes names, birthdays and credit card numbers. Who stole the information remains unknown.
Computer code that automatically attempts unauthorized access to online shopping sites to check whether the IDs and passwords can be used, which includes content written in Chinese, was found on the proxy servers.
The MPD found signs that the code had been used to check whether the personal credentials were valid. Information held by the three companies for about 60,000 customers was made into a list that was stored in a different file, it said.
Analysis has shown that the list was created during a period from September, two months before the MPD search, to shortly before the search.
The MPD said users of the proxy servers had gained access to the servers from China. It suspects a Chinese fraud group illegally used the proxy servers in Japan to conceal its identity when gaining unauthorized access to Japanese online shopping sites.
No financial damage from the illegal use of the IDs and passwords has been reported to police, but the MPD has asked the companies to check whether purchases and use of points were made using stolen user information.
A LINE official said: `It is greatly regrettable that our customer information was leaked illegally and could be used inappropriately. We'd like to implement safety measures and make efforts to improve our services.`
Meanwhile, a Rakuten official said, `As we have yet to obtain accurate information about the investigation, we have no information to provide.`
Read original article
No comments:
Post a Comment