Leaked information goes on sale

Kang Lingyi, who used to be a senior hacker and was now the editor-in-chief of a military fan website, said that the leaked information was always found being sold on some hacker's website.

"Usually, the private information of several hundred thousand users will be sold as a package at the price of 500 to 800 yuan ($79 to 126)," Kang told China Daily.

The prices fluctuate depending on the contents of the package. "Detailed information with the ID number, the mobile phone number and the real name of netizens will be sold at a higher price, while unclear information with only accounts and codes would cost much less," he said.

The privacy trade on hackers' websites is usually carried out between acquaintances for safety concerns, according to Kang.

Buyers of the leaked information classify the accounts according to their "commercial value", Kang said. Some of the information could directly produce money such as the online game accounts involving virtual money.

Most of the "lower-level" information, comprising only the account, code and e-mail addresses, are purchased by certain public relations companies that would spread advertising information via the hacked micro blogs or send spams through hacked e-mail.

Gong Wei, a veteran hacker who identifies himself online as "Goodwill", said that each click toward addresses included in the junk e-mail will bring the hackers 0.1 yuan income from the advertising companies, according to a report on the IT channel of Tencent.com.

It posed more threats to netizens who used the same set of account and code on different websites. Breaking into one of these websites would give the hacker access to their accounts on other websites as well, according to an Internet security report released by the Qihoo 360 Technology.

Users' online safety ignored

People in Taiyuan, capital of Shanxi province, enjoy their time in an Internet bar in this file photo.

Internet companies were unwilling to spend much on protecting the information on their websites, as they did not have much to gain monetarily from these efforts, Kang said.

While website companies should encrypt the private information of their members before saving them into the database, many of them neglected to do so because of the huge expenses entailed, thereby exposing themselves to the possibility of a massive leakage, Kang said.