Jingdong Mutton Report: Theft of Orders in Each Group
The incident began yesterday at midnight when some users found that their accounts had been added with unknown orders, some of which could be seen in the order history but others were in the refund folder. Some people checked their orders and discovered that they had successful payment orders for virtual game recharge, while those who had paid but failed to complete the transaction would cancel the order. After several attempts, they found out that the payment was made through WeChat Pay, but the payment account was not theirs. The reason for this is that there was a long-standing bug on WeChat that allowed the same phone or emulator (which is also sensitive) to make an order on both the WeChat and the WeChat app without any relationship between the two apps. Therefore, it's suspected that someone stole the user's account and used it to make fraudulent payments for virtual goods. This happened again today from about 1 AM to 3 AM. It seems that the issue has been fixed by JD as there hasn't been any more incidents reported since 2 AM. I have been tracking down the problem and trying to find out how it started. Unfortunately, I am too tired to continue working on it right now. Please let me know if you need further assistance.
页:
[1]