今天好奇试了下,要求用户名、密码和 SSN 后四位,然后我就收到以下:
It looks like your Credit Karma account was just accessed from a new device.
Device type: Windows NT 4.0 Time: Wednesday, November 29, 2017 7:48 p.m.
If that was you, feel free to ignore this email.
If that wasn't you, we'd recommend resetting your password to help secure your account. You can also get in touch with our member support team for more information.
是不是阿里直接拿用户名密码登陆,然后采集的?这有点恶劣了哦
|      1skylancer      2017-11-30 12:20:41 +08:00  1 ..你居然敢试 | 
|      3maxiujun      2017-11-30 12:31:11 +08:00 必然是用你的密码登陆,难道有别的办法? | 
|  |      4cnwtex      2017-11-30 12:33:15 +08:00 不但用密码, 还留存你的密码 | 
|      8Konki      2017-11-30 12:39:25 +08:00 合作的话,供应商在验证身份之后允许你生成一次性 token,然后提交给芝麻。 这种用户名密码的都是爬的 | 
|  |      9someonetwo      2017-11-30 12:39:51 +08:00 胆子真大 | 
|  |      10SourceMan      2017-11-30 12:41:28 +08:00 合作就不会要密码了。 | 
|  |      11lshero      2017-11-30 12:47:08 +08:00 via Android 国内的各种打着大数据征信的公司不都这样获取你的通话记录,购物记录,人行信用报告和公积金社保缴费记录嘛。 | 
|      12bazingaterry      2017-11-30 13:15:03 +08:00 via iPhone 合作肯定都是 OAuth | 
|      13aspave      2017-11-30 22:16:52 +08:00 via Android 幸好不记得密码,差点就手贱了。。。。 |