According to a state media report, hackers in China have attempted to gain access to more than 20,000,000 active accounts on Alibaba’s Taobao e-commerce website using the company’s own cloud computing service.
Cyber crime is on the rise globally, but China has experienced a sharper rise than most other countries internationally. In Alibaba’s case, hackers managed to get their hands on a database containing ninety-nine million usernames and passwords from a variety of other websites, said a corroborating report from the Chinese Ministry Of Public Security. Of the ninety-nine million usernames the hackers used to login to Alibaba’s cloud service, 20.59 million of them were also currently being used at the same time for Taobao accounts.
The hack against Alibaba began in October 2015, but the company’s security team only discovered the profligate cybercrime activity in November. Alibaba has however denied that its security system is to blame for the incident. A statement from the company said that “Alibaba’s system was never breached,” and also denied that the company was itself to blame for the stolen credentials.
“This incident involved suspects using account login information stolen from other websites to attempt to match with Taobao accounts. Our world-class security team detected these criminal attempts in the first instance and mitigated the potential effects by swiftly reminding users to change their passwords and not use the same password on multiple platforms.”
It would be quite easy to raise a classically skeptical eyebrow at such a statement. After all, 20 million fraudulent login attempts isn’t exactly a small number. But then Taobao does experience a vast amount of traffic on a daily basis, and then there’s also the fact that the hackers may only have needed try each username/password combination once.
The main aim of the hackers, according to reports, was to place fake orders on Taobao to boost sellers’ ratings, in a technique known as ‘brushing’ in China. Several thousand accounts were also reportedly sold on.
The hackers have since been caught, the Chinese Ministry has said.