Hack Attempt on Taobao Accessed 20M Accounts
Hackers attempted to access more than 20 million active accounts on Chinese e-commerce website, Taobao. The website is China’s biggest online shopping marketplace run by Alibaba Group Holding Ltd., and is similar to popular online marketplaces like eBay and Amazon. According to reports, the hack attempted to access the site through Alibaba's cloud computing service.
The company, via its spokesman, quickly addressed the issue by saying that the attack was detected in “the first instance,” and that they have already notified users to replace passwords and cooperate with the ongoing investigation. Several Chinese enterprises have been the subject of cyber attacks, authorities and security experts say, noting that building a defensive wall similar to its U.S. counterparts is still far a far-fetched reality.
In a separate report made by the Ministry of Public Security, a massive 99 million user credentials (comprised of usernames and passwords) have been mined by hackers from a number of websites. Then, from this vast collection, the information of an estimated 21 million accounts have been keyed into the Taobao website through Alibaba’s computing platform, pertaining to one out of every 20 active annual buyers found on Alibaba’s online retail portals.
Refusing to comment any further on the incident, and refuting claims of a breach and the existence of security gaps in its platform, Alibaba shared that the unusual activity was said to have happened in mid-October of 2015. Authorities were then alerted in November about the slew of credentials coming from compromised accounts being entered into the online portal. The culprits, according to the ministry bulletin, were caught and the systems managed to thwart unauthorized log-in attempts. The incident was said to have caused the price of the company's U.S.-listed shares by as much as 3.7%.
In China, “order brushing” refers to the common cybercriminal practice of using stolen accounts to feign legitimate orders on the online marketplace. This is done to increase rankings of sellers. In other instances, hackers in question also managed to use the compromised credentials to be used as instruments for fraud.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale