[情報] 合庫網銀疑似被盜個資

作者teras (Tera)

看板Bank_Service

標題[情報] 合庫網銀疑似被盜個資

時間Thu Mar 10 01:13:16 2016

http://imgur.com/mjIbN3y 收到上述郵件圖檔+一個.ZIP 檔 .ZIP我不敢開 >< 個資法好像有規定發生個資洩漏, 行銀要負舉證責任, 有疏失就要賠錢哭哭惹查了一下E_MAIL的表頭如下, 看來是從UK寄來的... Return-Path: <php-mail@WEB205.extendcp.co.uk> Received: from msa-sms5-4.hinet.net (msa-sms5-4.hinet.net [168.95.7.114]) by msa-smtp4.hinet.net (8.14.2/8.14.2) with ESMTP id u293Xo71024598 for <XXXX.XXXX@msa.hinet.net>; Wed, 9 Mar 2016 11:33:50 +0800 (CST) Received: from msa.hinet.net (msa-msr20.hinet.net [168.95.6.20]) by msa-sms5-4.hinet.net (8.14.2/8.14.2) with ESMTP id u293XnRh020799 for <XXXX.XXXX@msa.hinet.net>; Wed, 9 Mar 2016 11:33:49 +0800 Received: from mailscan1.extendcp.co.uk (mailscan39.extendcp.co.uk [176.32.230.33]) by msa.hinet.net (8.14.2/8.14.2) with ESMTP id u293XCYU024973 for <XXXX.XXXX@msa.hinet.net>; Wed, 9 Mar 2016 11:33:38 +0800 (CST) Received: from mailscanlb0.hi.local ([10.0.44.160] helo=mailscan2.hi.local) by mailscan-g69.hi.local with esmtp (Exim 4.80.1) (envelope-from <php-mail@WEB205.extendcp.co.uk>) id 1adUsS-0005di-IG for XXXX.XXXX@msa.hinet.net; Wed, 09 Mar 2016 03:33:36 +0000 Received: from mailscanlb0.hi.local ([10.0.44.160] helo=web206.extendcp.co.uk) by mailscan2.hi.local with esmtp (Exim 4.80.1) (envelope-from <php-mail@WEB205.extendcp.co.uk>) id 1adUsQ-0001Ut-4C for XXXX.XXXX@msa.hinet.net; Wed, 09 Mar 2016 03:33:36 +0000 Received: from WEB205.webhosting.mainnameserver.com ([127.0.0.1]) by web206.extendcp.co.uk with Microsoft SMTPSVC(7.5.7601.17514); Wed, 9 Mar 2016 03:33:20 +0000 Date: Wed, 09 Mar 2016 03:33:20 +0000 Subject: Your online bank transfer of billing notifications To: XXXX.XXXX@msa.hinet.net MIME-Version: 1.0 From:TCB-BANK <coA033@tcb-bank.com.tw> Reply-To: TCB-BANK <coA033@tcb-bank.com.tw> 合庫加油好嗎 QQ 請查照板規10，發文需大於3行50字 -- ※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 36.227.41.220 ※ 文章網址: https://www.ptt.cc/bbs/Bank_Service/M.1457543599.A.102.html ※ teras:轉錄至看板 Gossiping 03/10 01:21

→ dallasman: 快～去～告～ 03/10 01:43

恁爸沒空, 科科

推 bullbe36: 盜什麼資？ 03/10 05:57

噓 RichHarden: 這完全構不成個資外洩的條件好嗎 03/10 06:54

噓 loomissayles: 反串失敗 03/10 08:00

噓 isaacc: 唉，加油點，好嗎? 03/10 08:04

→ alex1973: 這個 header 唯一跟合庫相關的是 from 欄位寫的是 TCB 03/10 09:05

→ alex1973: 你知道 from 欄位其實用某些發信軟體是可以任意寫的嗎 ? 03/10 09:05

→ alex1973: 如果內文有寫你的個資 (譬如說開頭寫著你的中文名字) 再 03/10 09:10

→ alex1973: 來說有個資外洩的嫌疑, 不然都是亂槍打鳥的 03/10 09:10

→ alex1973: 不然照你這邏輯, 其實我可以告一堆國際性的跨國銀行集團 03/10 09:11

→ alex1973: 因為我也常收到一些銀行通知我中獎, 通知我帳號有問題, 03/10 09:12

→ alex1973: blah blah..... 等等奇怪的通知信, 問題是我根本沒有那 03/10 09:12

→ alex1973: 些銀行帳號啊 XD 03/10 09:13

知道, 重點是駭客知道我用合庫網銀, 又月工月工女子有2萬可以轉帳, 乾害恁爸差點打開.ZIP檔, 我看沒練過的還是乖乖跑銀行叭真的出了事責任推得比快DER

噓 r1t1r: 回去多念點書單獨只有EMAIL不是個資 03/10 11:32

洩漏我的E_MAIL給駭客釣魚啊

→ r1t1r: 你可以快跟金管會申訴真是個資外洩可以讓銀行賠很多錢 03/10 11:33

→ r1t1r: 就怕你會被打臉打到哭出來 03/10 11:33

你在補腦我跟金管會的關係嗎 @@ ※ 編輯: teras (36.227.41.220), 03/10/2016 13:31:58 ※ 編輯: teras (36.227.41.220), 03/10/2016 13:38:16