According to a Chinese court ruling, a Chinese development team secretly scraped Alibaba Group Holding Ltd.’s famous Taobao online store for 8 months, gathering over 1.1 billion sets of personal data before Alibaba discovered the scrape.
As per Wall Street Journal, the data breach contained user IDs, contact information, and live comments, referencing a recent ruling by a superior court in China’s central Henan province.
According to the Wall Street Journal, after the cyberattack was discovered, Alibaba contacted the authorities. Taobao is one of China’s most prominent shopping sites. Alibaba stated that roughly 925 million people use Taobao as well as other Alibaba online shops every month.
Although the judge did not find Alibaba liable for the data breach, You Yunting, a senior lawyer at Shanghai Debund Law Offices, told WSJ that the business may face disciplinary fines under the 2017 cybersecurity law.
A computer engineer called Lu hacked the site in 2019 using a tool built on the Taobao network, per a petition to a court in Henan Province. Lu began dumping some of the site’s personal data, which he then gave over to his boss.
According to the Wall Street Journal, a promotional firm that dealt with Taobao sellers. The employer allegedly exploited the information to locate new clients and demanded Taobao vouchers, per the investigation.
Both Lu and his unidentified client were convicted to more than 3 years in jail, according to the WSJ. Chinese state laws, according to the report, are frequently released months after the judgment and usually just include the family’s surnames.
Alibaba claimed in a release that no user information was sold and that no consumers suffered damage as a result of the incident. The event, on the other hand, aligns with Beijing’s growing push to restrict the current management of vast troves of data that online behemoths like Alibaba, Tencent Holdings Ltd., and Meituan collect every day from millions of users.
“As data privacy and security are of greatest concern to Taobao, we spend significant effort to combating unlawful scraping on our site.” In response, a Taobao representative stated, “We have proactively detected and handled this illegal scraping.” “We will continue to collaborate with criminal justice to defend and safeguard our users and partners’ desires.”
Alibaba immediately detected and remedied the problem, according to a spokesperson, and was cooperating with government agencies to safeguard its users. She refused to say how many individuals were affected.
She stated that no customer data was sold to a private entity and that no financial loss happened. Alibaba estimates that 925 million individuals utilize its Chinese retail networks at least once a month.
While the tech did not get confidential data like passwords, some of the data he scraped, such as contact information and a part of identities, isn’t publicly shown on the site.