Ctrip fixes loophole on leaked data
Print Edition
CTRIP, China’s biggest online tourism site with over 140 million users, has fixed a loophole in its website where users’ payment information was leaked, the Nasdaq-listed company said yesterday.
WooYun.org, a website specializing in reporting loopholes, said at the weekend that it managed to download the credit card payment information, such as identity card numbers and bank card data, of 93 users from Ctrip.com, thereby exposing the loophole in the latter’s website. The users hold credit cards with China Merchants Bank.
Ctrip said yesterday that it conducted a thorough inspection and fixed the loophole.
“We found it was a temporary loophole that appeared during the debugging process,” Ctrip said.
It claimed that up to yesterday no user has reported any loss of money. But Ctrip promised to pay for possible losses, if needed.
“We solemnly promise that if users suffer losses due to future safety loopholes, Ctrip will compensate the full amount of losses,” the company said, adding that it has advised the 93 users to apply for a new card.
Shanghai-based Ctrip has created a special fund of 5 million yuan (US$820,000) to research online security enhancement.
Top dot-coms such as Baidu and Tencent have invested heavily in online tourism, which sparked concerns about the safety of credit card information bundled with online accounts and personal data.
The tourism industry was rocked previously when information regarding hotel bookings of several million people was spread online.
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 沪ICP证:沪ICP备05050403号-1
- |
- 互联网新闻信息服务许可证:31120180004
- |
- 网络视听许可证:0909346
- |
- 广播电视节目制作许可证:沪字第354号
- |
- 增值电信业务经营许可证:沪B2-20120012
Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
