Security News > 2021 > June > Alibaba suffers billion-item data leak of usernames and mobile numbers

Alibaba's Chinese shopping operation Taobao has suffered a data breach of over a billion data points including usernames and mobile phone numbers.

Both reports state that a developer created a crawler that was able to reach beneath information available to the human eye on Taobao, and that the crawler operated for several months before Alibaba noticed the effort.

163.com suggests the source of the crawler was a company that makes money from affiliate referrals to Taobao, and that the site was scraped from November 2019 until Alibaba noticed the activity in July 2020.

Alibaba notified authorities, an investigation commenced, and the matter landed in the People's Court of Suiyang District - which in May convicted a developer and his employer of lifting the data.

Alibaba has reportedly 'fessed up to messing up - a rather different approach to that displayed by Facebook when news of over 500 million scraped customer records re-emerged in April 2021 and The Social Network™ suggested users should revisit their privacy settings to stop scrapers.

Registering for Chinese court reporting sites requires a code sent to a mobile phone.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/16/alibaba_tabao_scraped_data_leak/