Alibaba Falls Victim to Chinese Web Crawler in Large Data Leak
A Chinese software developer trawled Alibaba Group Holding Ltd. ‘s popular Taobao shopping website for eight months, clandestinely collecting more than 1.1 billion pieces of user information before Alibaba noticed the scraping, a Chinese court verdict said.
The software developer began using web-crawling software he designed on Taobao’s site starting in November 2019, gathering information including user IDs, mobile-phone numbers and customer comments, according to a verdict released this month by a district court in China’s central Henan province. When Alibaba noticed the data leaks from Taobao, one of China’s most-visited online retail sites, the company informed the police, the court said.
A spokeswoman said Alibaba proactively discovered and addressed the incident and was working with law enforcement to protect its users. She wouldn’t elaborate on how many people were affected. No user information was sold to a third party and no economic loss occurred, she said. About 925 million people use Alibaba’s Chinese retail platforms at least once a month, according to the company.
While the developer didn’t obtain encrypted information such as passwords, some of the data he scraped, including phone numbers and a portion of usernames, isn’t publicly presented on the website.