5.7 KiB
Before disabling any content in relation to this takedown notice, GitHub
- contacted the owners of some or all of the affected repositories to give them an opportunity to make changes.
- provided information on how to submit a DMCA Counter Notice.
To learn about when and why GitHub may process some notices this way, please visit our README.
Declaration: I have read and understood GitHub's DMCA Policy;
Complainant:Shenzhen Rubik's Cube Safety Technology Co., LTD. (entrusted by China Merchants Bank);
Responsible person: [private], contact number: [private];
Company Email: [private];
Address: [private]
Request matters:
(1)After investigation, our company found that on the Github platform of the open source community, some users uploaded internal training documents and internal technical introductions related to China Merchants Bank. The source code documents were uploaded to Github by individuals without permission. Bank network information security status.
(2) Specific information description:
User:acodekiller
Time:[private]
The leaked addresses are as follows, https://github.com/acodekiller/mynotes/blob/master/notes/work/%E6%8B%9B%E9%93%B6%E5%90%AF%E6%98%8E%E6%98%9F%E5%9F%B9%E8%AE%AD.md?plain=1#L In this link, as confirmed by the internal staff of China Merchants Bank, the training document of China Merchants Bank (Venus Training Notes) was leaked, which leaked the internal information of the bank, including [private] and other related information. Links in lines 1221 to 1383 introduce the Java development framework independently developed and maintained by China Merchants Bank, and disclose detailed information such as the development technology. This development technology belongs to China Merchants Bank’s own intellectual property rights and should not be disclosed.
https://github.com/acodekiller/mynotes/blob/master/notes/work/%E6%8B%9B%E9%93%B6%E5%90%AF%E6%98%8E%E6%98%9F%E5%9F%B9%E8%AE%AD.md?plain=1#L1440,Line 1440 of this link introduces that [private] is a distributed tracking system developed by China Merchants Bank. Line 1445 of the same link discloses the test environment address and production environment address of [private]. At the same time,Cmbchina.cn is the main domain name of China Merchants Bank. Confirmed by internal personnel of China Merchants Bank,the repository contains the test project code of China Merchants Bank; the leakage of the internal test project code will bring security threats to China Merchants Bank.
Also, in the same repository,link
900d9b9917/notes/practice/%E5%90%8E%E7%AB%AF.md?plain=1#L595 and 900d9b9917/notes/framework/SpringSecurity.md?plain=1#L2006,It also leaked multiple configuration information of China Merchants Bank, including private information such as account passwords. Through such private information, multiple hosts of China Merchants Bank may be violated. For a large bank such as China Merchants Bank, using the password to connect The bank's server will most likely cause a large amount of bank information to leak, which will seriously threaten the information security of China Merchants Bank and the security of the whole society.
We hope that GitHub officials will assist in asking this user to delete the entire repository at https://github.com/acodekiller/mynotes/.
3)It is currently not possible to locate the relevant personnel of the repository internally. We have learned that the uploader's email address is: [private], and appeal to GitHub to disable the whole repository officially.
Instructions:
(1) The content of the warehouse files complained above has seriously violated the rights and interests of China Merchants Bank. The content of the complaint is the private source code of the China Merchants Bank Department, which involves serious security issues of China Merchants Bank. We hereby apply for the official assistance of Github to remove it from the shelves in time.
(2) We hope that the above users can delete the entire repository provided in the 2nd complaint above.
(3) We cannot know the information of the infringer.
(4) Our company has also complained about the delisting of sensitive information on the GitHub platform before, and the submitted materials and the address of the leaked information warehouse are also very accurate. Please GitHub assists in delisting as soon as possible, thank you very much.
Statement:
(1) I have a good faith belief that use of the copyrighted material described above on an infringing web page is not authorized by the copyright owner, its agent, or the law, and I have considered fair use.
(2) Our company is the legal owner of the content of the complaint (with a letter of authorization);
(3) The company hereby swears that the information in this notice is accurate and correct. For the allegedly infringed exclusive rights, the company is the authorized representative of the copyright owner. If it is not true, it is willing to accept the penalty of perjury.
Our company guarantees that the information stated in this notice is sufficient, true and accurate, and our company has been authorized to exercise the rights and interests listed in item 2. With regards
Github official
complainant unit (entrusted by China Merchants Bank) :
Shenzhen Rubik's Cube Safety Technology Co., LTD.
Date: July 31, 2023
Applicant's signature [private]