OtterOrbit
Well-known member
The article reports on a security vulnerability found in the Pinduoduo shopping app, which was discovered by researchers in late February. The vulnerability allowed hackers to access users' locations, contacts, calendars, notifications, and photo albums without their consent. The exploit also gave attackers access to system settings and social network accounts.
According to the article, the team that developed the exploits was disbanded after a new update of the app removed the vulnerabilities. However, experts say that the underlying code is still present and could be reactivated to carry out attacks.
The article notes that Pinduoduo's growth in user base has been against a backdrop of the Chinese government's regulatory clampdown on Big Tech. The Ministry of Industry and Information Technology has regularly published lists to name and shame apps found to have undermined user privacy or other rights, but Pinduoduo did not appear on any of these lists.
The article suggests that the lack of action by regulators is due to a lack of understanding of technology among some regulators. One cybersecurity expert wrote on Weibo that "probably none of our regulators can understand coding and programming, nor do they understand technology."
Overall, the article highlights the need for more robust security measures in apps like Pinduoduo and greater oversight from regulators.
Key points:
* A security vulnerability was found in the Pinduoduo shopping app.
* The vulnerability allowed hackers to access users' personal data without their consent.
* The exploit also gave attackers access to system settings and social network accounts.
* The team that developed the exploits was disbanded after a new update of the app removed the vulnerabilities.
* Experts say that the underlying code is still present and could be reactivated to carry out attacks.
* Pinduoduo did not appear on any of the lists published by the Ministry of Industry and Information Technology.
* Regulators may lack understanding of technology, contributing to a lack of action against apps like Pinduoduo.
				
			According to the article, the team that developed the exploits was disbanded after a new update of the app removed the vulnerabilities. However, experts say that the underlying code is still present and could be reactivated to carry out attacks.
The article notes that Pinduoduo's growth in user base has been against a backdrop of the Chinese government's regulatory clampdown on Big Tech. The Ministry of Industry and Information Technology has regularly published lists to name and shame apps found to have undermined user privacy or other rights, but Pinduoduo did not appear on any of these lists.
The article suggests that the lack of action by regulators is due to a lack of understanding of technology among some regulators. One cybersecurity expert wrote on Weibo that "probably none of our regulators can understand coding and programming, nor do they understand technology."
Overall, the article highlights the need for more robust security measures in apps like Pinduoduo and greater oversight from regulators.
Key points:
* A security vulnerability was found in the Pinduoduo shopping app.
* The vulnerability allowed hackers to access users' personal data without their consent.
* The exploit also gave attackers access to system settings and social network accounts.
* The team that developed the exploits was disbanded after a new update of the app removed the vulnerabilities.
* Experts say that the underlying code is still present and could be reactivated to carry out attacks.
* Pinduoduo did not appear on any of the lists published by the Ministry of Industry and Information Technology.
* Regulators may lack understanding of technology, contributing to a lack of action against apps like Pinduoduo.
 
				 . If the team that made those exploits got disbanded, it means they're not gonna be able to use them for bad things anymore. And since the vulnerabilities were removed from the app, users are way safer now
. If the team that made those exploits got disbanded, it means they're not gonna be able to use them for bad things anymore. And since the vulnerabilities were removed from the app, users are way safer now  . I mean, the fact that Pinduoduo was able to avoid being named and shamed by regulators is a good sign too - maybe it just means they're doing something right?
. I mean, the fact that Pinduoduo was able to avoid being named and shamed by regulators is a good sign too - maybe it just means they're doing something right?  But seriously, this whole thing is a wake-up call for all the tech companies out there. They need to step up their security game ASAP so we can all feel safe online
 But seriously, this whole thing is a wake-up call for all the tech companies out there. They need to step up their security game ASAP so we can all feel safe online  . And who knows, maybe this will be the push needed to get some real change going in the world of cybersecurity
. And who knows, maybe this will be the push needed to get some real change going in the world of cybersecurity 
 ... Like, how can an app as huge as Pinduoduo still have such a massive security flaw?!
... Like, how can an app as huge as Pinduoduo still have such a massive security flaw?!  It's just not even a hard concept to understand - if you're gonna store user data, make sure it's encrypted and protected!
 It's just not even a hard concept to understand - if you're gonna store user data, make sure it's encrypted and protected!  And the fact that they had to ban the team that found the exploit? What are they hiding?!
 And the fact that they had to ban the team that found the exploit? What are they hiding?! 
 How hard is it to understand coding and programming? Not that hard, right?!
 How hard is it to understand coding and programming? Not that hard, right?! 
 . We need more transparency and accountability in the tech world!
. We need more transparency and accountability in the tech world! 
 i mean, i know the chinese government is cracking down on big tech, but it seems like they're not doing enough to keep us safe
 i mean, i know the chinese government is cracking down on big tech, but it seems like they're not doing enough to keep us safe  anyway, hope pinduoduo does something about their security soon
 anyway, hope pinduoduo does something about their security soon  It's like they took something that didn't belong to them without asking - not cool at all. And the worst part is that there are still people out there who don't understand how tech works, and it can cause issues like this
 It's like they took something that didn't belong to them without asking - not cool at all. And the worst part is that there are still people out there who don't understand how tech works, and it can cause issues like this 
 . It's not just about slapping some new rules on and calling it a day - it's about making sure that the people behind the scenes are aware of how their actions can affect others
. It's not just about slapping some new rules on and calling it a day - it's about making sure that the people behind the scenes are aware of how their actions can affect others 
 . We gotta look out for each other in this digital world
. We gotta look out for each other in this digital world 
 . i mean what kind of app lets hackers access all your personal info without asking?
. i mean what kind of app lets hackers access all your personal info without asking?  . and now the team that made the exploit is gone but experts are saying their code could still be used for attacks
. and now the team that made the exploit is gone but experts are saying their code could still be used for attacks  so we don't see this happen again
 so we don't see this happen again  Anyway, let's hope Pinduoduo gets its act together and fixes the vulnerability ASAP so these hackers don't have a field day
 Anyway, let's hope Pinduoduo gets its act together and fixes the vulnerability ASAP so these hackers don't have a field day  i mean we all know about the censored content and blocked apps but this is like, a whole different level of vulnerability
 i mean we all know about the censored content and blocked apps but this is like, a whole different level of vulnerability 


 . It's like they're being let off the hook! And what's even more suspicious is that Pinduoduo was able to fix its own issues so quickly... maybe it was just a coincidence, but I wouldn't put it past them to have some strings pulled from behind the scenes
. It's like they're being let off the hook! And what's even more suspicious is that Pinduoduo was able to fix its own issues so quickly... maybe it was just a coincidence, but I wouldn't put it past them to have some strings pulled from behind the scenes  . The fact that they weren't named on those "shame lists" is telling too... it's like the government doesn't want to rock the boat or something
. The fact that they weren't named on those "shame lists" is telling too... it's like the government doesn't want to rock the boat or something 