Firm pays high price for simple password

Chen Huizhi
A financial company in the Pudong New Area lost over 7.3 million yuan to Internet thieves because it had chosen a username and password that were too easy for thieves to guess. 
Ti Gong

Police officers with some of the suspects caught during their investigation into online theft.


Some of the cash recovered by police investigating the online theft. 

A financial company in the Pudong New Area, which used a username and password on its computer system that were easy to guess, lost over 7.3 million yuan (US$1 million) to online thieves, Shanghai police said on Friday.

The company contacted police on June 1, and 15 suspects have been caught so far with 12 arrested.

The company had chosen "admin" as its username and "123456" as the password.

The company offers third-party payment services for company clients who deposited money in accounts it set up. However, the money lost in this case was from the company’s own capital, according to police.

The suspects said they had guessed the company’s username and password on May 30, a Saturday, hacked into its account the next day and transferred 7.3 million yuan to their own accounts.

The company was not aware of the theft until the office opened on Monday, police said. 

Police quickly froze bank accounts containing around 4.8 million yuan and recovered another 1.8 million yuan in cash during raids of suspects’ houses.

Shentu Liuyan, of the Pudong police cybersecurity squad, said the company had failed to register its website as required by law, and would be punished later.

Shentu had three tips that would protect companies from online theft. They should register their website with local police so they can check security settings and monitor any hacking activity. If using a cloud server, they should purchase Internet security services from the server provider. And they should keep a log so that if there are hacking attacks then they can be tracked by examining the log. 

