Cn: Hackers Steal Account Details of 20.6 Mln Taobao Users

Taobao, the Chinese equivalent of eBay, was reportedly hacked in October 2015, but it doesn’t seem to have made U.S. news. Marbridge Consulting writes:

Police in Zhejiang province recently convened a press conference to announce that a group of hackers obtained information pertaining to approximately 99 mln accounts on Alibaba Group’s  C2C e-commerce site Taobao. The hack, which occurred between October 14-16, 2015, originated from rented space on Alibaba Group’s cloud services platform AliCloud. Of the 99 mln accounts in question, 20.59 mln are active user accounts with matching passwords. The hackers’ goal was to acquire the accounts in order to perform order brushing and supply manipulation on Taobao, as well as to sell to scammers.

A spokesperson for Alibaba Group explained that the exposed Taobao accounts were not the result of a direct hack of Taobao, but rather the suspects used acquired account information from non-Taobao accounts to check for matches against 99 mln Taobao accounts, thus discovering the 20.59 mln Taobao accounts in question.

The police report also included a criminal case involving Alibaba Group’s flagship international B2B e-commerce platform Alibaba.com. After gaining access to a seller account through an email phishing scheme, the criminals were able to defraud overseas purchasers of more than USD 1 mln by collecting payments without shipping goods. As of August 2015, Alibaba had received more than 1,700 complaints from foreign purchasers. In October 2015, police rounded up 25 suspects in Fujian province to crack the case open.

Read more on Marbridge Consulting.

I’m still surprised that I didn’t see this anywhere else, so am leaving Marbridge’s report as it is for now while I try to track down other sources about these incidents.

About the author: Dissent