Alibaba's Taobao Shopping Site Succumbs To Colossal Data Leak: WSJ

·2 min read

A Chinese software developer sifted Alibaba Group Holding Ltd’s (NYSE: BABA) Taobao shopping website for eight months and secretly collected over 1.1 billion pieces of user information before Alibaba noticed, the Wall Street Journal reported from a Chinese court verdict.

What Happened: The software developer began using the self-designed web-crawling software on Taobao’s site from November 2019, gathering information including user IDs, mobile phone numbers, and customer comments, some of which were not publicly available.

Alibaba informed the police after noticing the data leaks from Taobao. However, the developer did not obtain encrypted information like passwords.

Alibaba proactively discovered and reported the incident. It was working with law enforcement to protect its users. The developer did not sell any user information to a third party, and no economic loss occurred, Alibaba spokeswoman told WSJ.

A data leak involving mobile phone numbers would have more extensive consequences in China as citizens must register with accurate name identification before obtaining a mobile phone number. Additionally, Chinese consumers sign up for most internet services with their mobile phones making it easier to pin down someone’s social media accounts and other personal information.

Alibaba attracted enhanced regulatory scrutiny since 2020 end when authorities shelved off the initial public offering (IPO) of its financial affiliate Ant Group Co. days before the scheduled listing.

Why It Matters: Massive consumer data leaks have recently gained momentum in China, followed by black marketing of the leaked data.

Last week, China introduced a new data-security law to improve Beijing’s control over data flows within the country and consumer data protection. The law, along with proposed legislation modeled on the EU’s data protection regulation, is expected to reinforce data rules like the 2017 cybersecurity law.

The court filing specified that the software developer, surnamed Lu, shared the phone numbers with his employer. The employer, who operated a company doing promotions for Taobao sellers, used the data to target clients and claimed coupons from Taobao. The two were each sentenced to over three years in prison.

Antitrust regulators have charged a $2.8 billion penalty against Alibaba since the Ant IPO debacle for its dominant position abuse in the country’s online retail space. In addition, the regulators urged Ant to overhaul its businesses for regulatory compliance.

In April, Facebook Inc (NASDAQ: FB) reported data scraping, including names and phone numbers of over 530 million users. Facebook chose to describe the incidents as data scraping to escape reporting of data breaches to regulators and the public as per legal and privacy experts.

Price action: BABA shares traded lower by 1.74% at $210.21 on the last check Tuesday.

See more from Benzinga

© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.