Several Chinese airlines have denied being responsible for a leak of passenger information, China National Radio reported on Monday.
The leaked data include user names, ID numbers, mobile numbers, and airline information, posing a critical threat to consumer safety, according to a report by WooYun.org, a renowned third-party Internet security platform.
The airline companies have confirmed the news, but denied responsibility, saying that the data were leaked through other channels and not their websites.
China Eastern Airlines said information must have been hacked into via third parties seeing as its own payment system does not have any security flaws.
Xiamen Airlines said it has stopped using the targeted ticketing system for two years, explaining that the WooYun report "overstated the data leak."
TravelSky Technology, a leading provider of information technology solutions for China's air travel and tourism industries, was also accused of security problems. Bo Manhui, company general manager, noted that their database is thoroughly encrypted and that they regularly check for any hidden flaws on their website.
Wu Di, a co-director at WooYun, insisted that their report gave an accurate picture of the situation.
Management vulnerability, including information sold by insiders, could result in leaks, while flaws in online systems could also cause trouble, Wu said.
Zhao Wu, an expert with 360 Safe Global, stressed that online vulnerability would still exist despite developments in network security, allowing hacking to occur.