Recently, a netizen revealed that Alipay has found a deadly new vulnerability: strangers have a 1/5 chance to log in to your Alipay, while acquaintances can log in to your Alipay 100%, and can even change it without using the original password directly with the mobile phone number. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
According to netizens, the principle is as follows: log in to the mobile phone account - forget the password - the mobile phone is not around - choose one of the nine pictures of things Taobao has bought - choose one of the nine pictures of friends verified by friends - the login is successful. At this time, you can scan the QR code directly to pay without password. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
The specific steps are as follows: The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
1. Open the Alipay login interface, enter the account number and click Forgot Password; The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
2. After entering the account number, you can't receive SMS by clicking directly; The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
3. There are many ways to verify. Choose the way you know, the acquaintance verification, and the friend information you know; The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
4. Change the password. The original password is forgotten and changed directly. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
After modification, you can directly log in the account, which has all functions and supports secret free payment. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
In response, Alipay officials said that this method can only be realized under specific circumstances. And once the user Alipay is logged in to other devices, my device will receive a notification reminder. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
In addition, Alipay said that after receiving feedback from netizens this morning, Alipay further improved the security level of the risk control system. At present, only on the user's own mobile phone can the user retrieve the login password by identifying the recently purchased goods and his/her friends. This method cannot be applied to other mobile devices to retrieve the login password. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
The following is the full text of Alipay response: The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
We received feedback from netizens that we can retrieve the Alipay login password by identifying friends and recent purchases. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
This approach will only be implemented in specific cases. Generally, users need to input SMS verification code at least to retrieve their login password. For some users who cannot receive SMS messages or change mobile devices temporarily, our risk control system will first evaluate (such as account information integrity, network environment and other factors). When the security factor is high, the user is allowed to answer a series of security questions. The login password can be changed only after the answer is correct. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
This policy can only retrieve the login password, but cannot retrieve the payment password only by answering security questions. And once the user Alipay is logged in to other devices, my device will receive a notification reminder. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
In order to better enhance users' sense of security, we have further improved the security level of the risk control system after receiving feedback from netizens. At present, only on the user's own mobile phone can the user retrieve the login password by identifying the recently purchased goods and his/her friends. This method cannot be applied to other mobile devices to retrieve the login password. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
We also welcome users to continue to make comments and suggestions on our security policy, and we will further improve and revise it according to your feedback. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html
The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html