CHINA TOPIX

12/22/2024 12:31:39 pm

Make CT Your Homepage

Baidu Allegedly Leaks Sensitive User Information

Baidu is allegedly leaking sensitive, personal information of clients.

(Photo : Reuters) Baidu is allegedly leaking sensitive, personal information of clients through faulty codes.

Sensitive personal information is allegedly being collected and haphazardly transmitted by thousands of app codes from Chinese web service provider Baidu, according to security experts.

University of Toronto security experts claim that millions of Chinese users have possibly been affected by the crack. The information leaked reportedly includes users' locations, search terms, visited sites and ID numbers of devices.

Like Us on Facebook

The code was discovered in a software development kit, which can be utilized to design apps and programs for Android and Window-run phones, respectively. Baidu is using it to create web browsers for Android and Windows, and a number of other firms are allegedly using the kit as well. According to the Citizen Lab in Toronto, the Baidu-made apps and browsers have been downloaded a million times.

The company has dedicated a long-term research project to studying privacy and personal data use in China. In 2015, they has discovered lapses in the Alibaba browser and their latest findings shows a number of security and privacy frailty in Baidu's code.

Citizen Lab discovered that some information such as GPS coordinates and search terms are being transferred through plain text, while the added protection on other data like unique IDs can easily be broken. With this poor app protection scheme, users are susceptible to fake updates, giving phishers a chance to illegally access phones and computers.

Citizen Lab claims that Baidu has already addressed the bug issue in the code since its attention was called to it in November last year. However, it noticed that the company is still using the poor encryption platform for sensitive information.

Baidu claims that it was collecting data for commercial use and, occasionally, it shares the information with its partners. The firm has clarified that it is not selling or passing personal information over wholesale to Chinese authorities. The company stated that it "only provides what data is lawfully requested by duly constituted law enforcement agencies."

Real Time Analytics