Alibaba’s Chinese shopping operation Taobao has suffered a data breach of over a billion data points including usernames and mobile phone numbers. The info was lifted from the site by a crawler developed by an affiliate marketer.
Chinese outlet 163.com reported the case last week and today it was picked up by the Wall Street Journal.
Both reports state that a developer created a crawler that was able to reach beneath information available to the human eye on Taobao, and that the crawler operated for several months before Alibaba noticed the effort.
163.com suggests the source of the crawler was a company that makes money from affiliate referrals to Taobao, and that the site was scraped from November 2019 until Alibaba noticed the activity in July 2020. Alibaba notified authorities, an investigation commenced, and the matter landed in the People’s Court of Suiyang District — which in May convicted a developer and his employer of lifting the data.
Both were sentenced to three years inside.
Thankfully, the perps appear not to have shared the data, instead hoarding it for their own purposes.