Ctrip, China's largest online travel agency, said they have fixed a security hole that made users' credit card details vulnerable to hackers and told 93 users to replace their cards on Sunday.

Wooyun.org, a domestic Internet security monitoring platform reported on Saturday that a local server that Ctrip uses to process payment was opened for test, so it is possible for hackers to read the data. Through the loophole, users' personal information such as their real names, identification card numbers, credit card numbers, and the three-digit card verification value (CVV) numbers can be obtained, said wooyun.org.

Like Us on Facebook

Ctrip admitted that a third-party website informed the company on March 22 that users' credit card information was susceptible to hacking as it was stored on local servers that Ctrip maintained.

After conducting an investigation, the security hole was solved in two hours, said Ctrip. The company also reported that its technology developer left the temporary log for system test but forgot to delete it timely. Hackers might have downloaded their users' credit card information in that period.

Although Ctrip has not received any reports of users sustaining financial losses or damages from the incident, the company believed that 93 users may still face potential risks and contacted them on Saturday and Sunday by telephone to urge them to have their credit cards replaced. The company also noted it will cover the charges for card replacement.

Guo Tianyong, Director of Chinese Banking Study at Central University of Finance and Economics, said that our countries' finance and payment agencies are relatively healthy in general. Data breach is an issue of internal management or internal control, Guo added.

China shall strictly manage the companies which involve to public information or release a law especially for customer personal information protection, Guo said.