QQ appears large-scale number theft, why is this? Is there no solution?

In recent days, QQ It was discovered that the account was stolen on a large scale , Automatically to friends 、 Group sends indecent messages , This has caused a lot of trouble to many people , In particular, send such information to family members or customers , It was quite embarrassing ！ The good news is that it's not just you who are embarrassed , There are others to embarrass with you （ Ah ha ha ha ha ha ）

Get down to business , First of all, why is the account stolen ？

In a situation like this , It is definitely not the mobile terminal login operation , You must log in through the computer software qq Carry out batch automatic operation , There are several ways to log in on the computer ：

1、 Account password login ;

2、 Sweep the login code ;

So the possibility is mainly reflected in these two aspects ：

Possibility one ： Account and password disclosure

In everyday QQ In the use , It is possible that we have logged in on public devices QQ, For example, Internet bar computers , Public equipment is often the regular channel for password disclosure , although QQ It has a two factor authentication security mechanism , But to improve the user experience , Reduced the security level , For example, logging in to an unfamiliar device will require secondary authentication , But log in again on the logged in machine , No secondary verification at this time , If the account and password have been obtained , You can log in directly on this computer to do something that bothers you .

Summary is in Public device login , Cause account and password disclosure , Bypass the second verification mechanism ！ But in this way, individual users are likely to be stolen , This kind of large-scale theft is not like .

Possibility two ： Scan illegal binary microcode

Code scanning login is everywhere , especially QQ It's huge , Most of them can use QQ Sweep the login code , Criminals illegally forge pages and two microcodes , Let the user scan the code to log in , So as to obtain the login authorization of the user , Criminals get authorization and store it by unknown means , Sell it to downstream gangs at a high price , Centralized login and batch automation software , To friends 、 Group release message , This possibility is the greatest .

summary ： Forge two microcode , Let the user scan the code to obtain login authorization ;

There is no way to deal with it ？

There must be a way ：

In the first case , At the expense of the user experience , Every time you log in Force users to use two factor authentication , This can effectively enhance login security ;

For the second case , First, the user doesn't want to scan all the codes , Be sure to watch , What's more, we need QQ It controls the login logic of scanning code more strictly , Analyze each interaction in detail , Strictly control the validity period of authorization certificate and verify it , Do not give lawless elements an opportunity .

Zhongke henglun is an enterprise level two factor certification manufacturer , Pay great attention to the safe login of enterprise users , Two factor authentication and reinforcement is imperative , Don't wait until it's too late to mend .