Summary of events

The incident began with a question on Zhihu: how should we view the possible account-security risks in Alipay's password-free login mode, which was exposed on January 10?

  1. On the Alipay login screen, enter the account and tap "Forgot password"
  2. Choose the option for when you cannot receive an SMS on the bound phone
  3. The app then offers several alternative ways to verify identity, based on what you know and who your friends are
  4. Once verification passes, the password can be changed directly without knowing the old one


User self-protection remedies

  • Tencent Technology also confirmed it and published a piece: "Urgent! A major flaw in Alipay makes it easy for acquaintances to tamper with your password"
  • The WeChat official account [South ship north Horse] then published an article: "Remedies currently available for the Alipay acquaintance password-change vulnerability"

In fact, it is not just acquaintances: in theory any Taobao shop you have bought from could do the same, because the verification is that simple.
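To make the weakness in the reset flow concrete, here is an added example (not code from the original post or from Alipay) that models the recovery decision as a policy function. The first policy accepts any two passed checks, which is the behaviour the steps above describe; the hardened policy alongside it treats purchase history and contact recognition as knowledge that merchants and acquaintances also hold, requires a possession factor, and attaches an owner notification with a cancellation window, matching remedies 6 and 7 below. The factor names, the classification of which factors are third-party-observable, and the 24-hour hold are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Set


class Factor(Enum):
    """Ways a password-reset flow can ask a claimant to prove identity (hypothetical names)."""
    SMS_OTP = "sms_otp"                          # possession of the bound phone
    SECURITY_QUESTION = "security_question"      # knowledge chosen by the owner
    PURCHASE_HISTORY = "purchase_history"        # knowledge any merchant also has
    CONTACT_RECOGNITION = "contact_recognition"  # knowledge any acquaintance also has


# Assumed classification: knowledge that third parties routinely possess.
THIRD_PARTY_OBSERVABLE = {Factor.PURCHASE_HISTORY, Factor.CONTACT_RECOGNITION}
POSSESSION_FACTORS = {Factor.SMS_OTP}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    notify_owner: bool = False  # send a "your password was changed" message
    hold_hours: int = 0         # window in which the owner can cancel the reset


def weak_reset_policy(passed: Set[Factor]) -> Decision:
    """Flow as described in the incident: any two passed checks are enough,
    so SMS is effectively optional once the claimant says the phone is unavailable."""
    if len(passed) >= 2:
        return Decision(True, "two verification steps passed")
    return Decision(False, "fewer than two verification steps passed")


def hardened_reset_policy(passed: Set[Factor]) -> Decision:
    """Hypothetical hardened flow: third-party-observable knowledge never counts,
    a possession factor is mandatory, it must be paired with owner-chosen knowledge,
    and every successful reset is announced to the owner with a cancellation window."""
    strong = passed - THIRD_PARTY_OBSERVABLE
    if not (strong & POSSESSION_FACTORS):
        return Decision(False, "no possession factor (e.g. SMS OTP) presented")
    if len(strong) < 2:
        return Decision(False, "possession factor must be paired with owner-chosen knowledge")
    return Decision(True, "possession plus owner-chosen knowledge",
                    notify_owner=True, hold_hours=24)


if __name__ == "__main__":
    # Constructed scenario: a merchant who knows the victim's purchases and contacts.
    merchant_knows = {Factor.PURCHASE_HISTORY, Factor.CONTACT_RECOGNITION}
    print("weak policy, merchant knowledge:", weak_reset_policy(merchant_knows))
    print("hardened policy, merchant knowledge:", hardened_reset_policy(merchant_knows))
    # Constructed scenario: the real owner holding the phone and a security question.
    owner = {Factor.SMS_OTP, Factor.SECURITY_QUESTION}
    print("hardened policy, owner:", hardened_reset_policy(owner))
```

The point of separating "strong" from third-party-observable factors is that counting checks is not the same as measuring what an attacker would have to obtain; the hold window is what gives remedy 7 (reporting the loss immediately after a password-change message) time to work.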


Here are the remedies available to date:

  1. Transfer the balance out
  2. Unbind your bank card
  3. Turn off password-free payment for small amounts: Settings – Payment Settings – Password-free payment
  4. Set the spending limit to the minimum, 500 yuan
  5. Buy the 2 yuan account security insurance built into Alipay
  6. Log in to the PC web version of Alipay and set security questions
  7. If you receive any password-change message from Alipay, go to Alipay's first aid kit and report the loss immediately

Alipay also officially sent an email asking users to change their passwords.

Alipay's latest response was to forward the Weibo post of Ant S.H.I.E.L.D.


Hot-fix solutions

On the technical side, when faced with security problems like this the engineering team should try to use hot-fix technology, for example:

  1. Meituan's hot-fix scheme
  2. Summary of HotFix solutions in iOS
  3. HotFix framework source-code analysis

You can find more under our HotFix tag, or in the related collection "HotFix Architectures Everyone Uses".