A billion pieces of data belonging to customers of Taobao, Alibaba’s online sales site, have been leaked.
On June 15, 2021, the Wall Street Journal reported that the Taobao e-commerce website, a subsidiary of Alibaba, suffered a massive data breach. A billion personal information belonging to customers has been collected. These have not been published on the Internet.
The manager collected the personal information for eight months
According to Alibaba, around 925 million people use its sales platforms at least once a month. Among them is Taobao, which is one of the most popular in China. Today, a cloud is clouding its popularity.
For eight months, an employee of a Taobao affiliate merchant used a crawler, software that automatically crawls the web, to get the personal information of the firm’s clients. During this period, he acquired user IDs, mobile phone numbers as well as sensitive data. He shared some of this information with his employer.
When Alibaba noticed this, the Chinese giant immediately notified the police and worked with them to protect its users. The court imposed on the official and his employer three years in prison each, as well as a fine of 450,000 yuan, or 58,005 euros.
The data collected does not appear to have been sold online. Rather, the manager wanted to use them for his own purposes. Still, it could have had serious consequences. In China, more than elsewhere, the cell phone number is an integral part of a person’s identity. It allows him, for example, to register for services on the Internet. Stealing this information would allow someone with malicious intent to, for example, gain access to all of their social media accounts, as well as other sensitive information.
Sanctions for Alibaba?
According to You Yunting, a senior partner of the Shanghai Debund Law Offices, although Alibaba has not been blamed by the Chinese courts for this data breach, it would not be surprising if the company faces administrative penalties, under the cybersecurity law of 2017. The Chinese giant and other companies have been in the crosshairs of the authorities since the case involving Jack Ma, CEO of Alibaba and Ant Group. The latter had been very critical of the country’s regulators, accusing them of slowing down innovation.
The consequences were not long in coming: Ant Group’s record IPO was blocked, while authorities are now attacking large tech companies by introducing new regulations. So even if the court has not, for the moment, imposed any sanction on Alibaba, it would not be surprising if it does, knowing that index robots are not unrecognized in the tech industry. It can therefore identify fairly quickly them, as The Register shows .
In recent months, many tech companies have suffered from data breaches. Last April, those of 533 million Facebook users were freely accessible. This was also the case for LinkedIn, whose data of 500 million users we sold on the internet.