A leak of personal information from online train ticket sales during the busiest time of year has spurred public outcry over internet vulnerability.
A trove of personal data used for buying tickets on the official ticket-selling website 12306.cn is circulating on the internet, according to the report by Woo Yun, a renowned third-party internet security platform. The leaked information includes usernames, passwords and emails.
China Railway Corporation confirmed the news in a statement posted on microblog site Sina Weibo on Thursday, but said that the data leaked via other channels instead of on their website.
"All the leaked information contains plain text, while the information in our website's database is completely encrypted, which means that the data leaked via other websites or channels," said the statement.
As China's Lunar New Year approaches, a big number of people have resorted to the internet as the fastest way to purchase tickets in the lead up to the Chunyun, the hectic travel period surrounding the Chinese New Year.
The ticket rush has also led to the birth of software and web browsers that allow passengers to cut ahead of others when snapping up online tickets. It is these channels that caused the leak, the statement said.
"We suggest passengers stay from third-party software and web browsers to avoid similar risks," said the statement.
The leak has scared ticket buyers, with many saying on Weibo that they have already changed their passwords to prevent further risks. Others laid the blame on railway authorities, saying that they should shoulder responsibility for the information leak.
Police have launched an investigation into the case.