SINA Data Breach (2012)

Chinese online security website Youxia.org today revealed a security loophole in Chinese internet company Sina's (Nasdaq: SINA) iAsk search engine that exposes user passwords. According to the site, iAsk is vulnerable to an SQL injection attack that allows access to the iAsk database, which includes information for over 70 mln users. As an example, Youxia.org demonstrated how it could find the username and password of popular magician Liu Qian, who confirmed on his personal microblog that the password was correct. While Sina has already closed the security breach, Youxia pointed out that following user data leaks at online communities CSDN.net and Tianya, Sina claimed passwords were encrypted in their database, but the exploit has proven that the majority of passwords are saved in plain text.