Hackers attacked over 20 million accounts on Taobao, the e-commerce website which uses Alibaba’s own cloud computing service. This translates into one out of every 20 active annual buyers on the site.
It is reported that the hackers obtained a database of 99 million usernames and passwords from a number of websites and used Alibaba’s cloud computing platform to input the details into Taobao. Of these usernames, they found about 20 million were also being used for Taobao accounts. The hackers started inputting the details into Taobao in mid-October and were discovered in November, at which time Alibaba immediately reported the case to police. An Alibaba spokesman has said the company detected the attack in “the first instance” and reminded users to change passwords, and worked closely with the police investigation. The hackers have since been caught.
Alibaba’s systems discovered and blocked the vast majority of log-in attempts. The hackers used compromised accounts to fake orders on Taobao, a practice known as “brushing” in China and used to raise sellers’ rankings. Alibaba’s spokesman has said that the attack was not aided by any possible loopholes in Alibaba’s platform.
However, Chinese companies have been facing a number of cyber-attacks in recent times. The present attack rings alarm bells for all e-commerce users as Taobao is among the world’s top dozen most visited websites, with an Alexa global rank of 12 and China rank of 3.