In recent days, many people's QQ was stolen, which was used to send fraudulent messages. Tencent has released an official statement today, saying that the main reason is that users have scanned the forged QR code of game login and authorized login.
So how are QQ users deceived by forged QR codes? There were no specific details in Tencent's announcement, but more details were given in the latest report from China Business News.
According to them, a large number of QQ users had their accounts stolen,The main reason is that when I log in Tecent WeGame in many Internet cafes, I am reminded that I need to use my QQ account to scan the QR code to log in. After the first scanning fails, the user information intercepted by the hacked production team is scanned again.In the case of not obtaining the user account and password, enter the QQ account, spread junk information, drainage for these black products.
This is not the first time THAT QQ has encountered qr code scanning by the collective theft of the situation, in May this year, QQ account theft also happened, users feedback that the number theft will be sent to their friends and QQ group vulgar advertising, although the advertising pictures are different, but pointing to the same website. The operation method and ultimate goal are the same as the QQ account theft incident.
As for the root of the problem, China Business News spoke to a Business security expert at Top Image, who said QQ would release an investigation report later.
From what we know so far,The main reason for large-scale user theft is that QQ has an open ecosystem,Its account can be used as an authorized account of other platforms/websites, or directly registered as an account of other platforms/websites.