Hack Notice

Hack Notice: Taobao


a Chinese software developer trawled Alibaba group Holding Ltd. s popular Taobao shopping website for eight months, clandestinely collecting more than 1.1 billion pieces of user information before Alibaba noticed the scraping, a Chinese court verdict said. The software developer began using web-crawling software he designed on Taobaos site starting in November 2019, gathering information including user IDs, mobile-phone numbers and customer comments, according to a verdict released this month by a district court in Chinas central Henan province. When Alibaba noticed the data leaks from Taobao, one of Chinas most-visited online retail sites, the company informed the police, the court said. A spokeswoman said Alibaba proactively discovered and addressed the incident and was working with law enforcement to protect its users. She wouldnt elaborate on how many multitude were affected. No user information was sold to a third party and no economic loss occurred, she said. About 925 zillion people utilise Alibabas Chinese retail platforms at least once a month, according to the company. While the developer didnt prevail encrypted info such as passwords, some of the data he scraped, including phone numbers and a fortune of usernames, isnt publicly presented on the website. Chinese legal experts say a data leak involving mobile-phone numbers would have more far-reaching consequences in China than in other parts of the world. In China, where people are required to register with real name recognition before obtaining a mobile phone number, such numbers are considered by law to be personal information, said Annie Xue, a Beijing-based lawyer at GEN law firm. Related Video Ant, Alibaba show How china Reins in Big Tech Faster Than Other Countries YOU may ALSO LIKE UP NEXT Ant, Alibaba demo How China Reins in Big Tech Faster Than Other Countries Ant, Alibaba present How china Reins in Big Tech Faster Than Other Countries In less than six months, Chinas tech behemoth emmet went from planning a blockbuster IPO to restructuring in reaction to pressure from the central bank. As the U.S. also takes purport at big tech, heres how China is moving faster. photo illustration: Sharon Shi In addition, Chinese consumers sign up for most of the internet services they expend with their mobile phones, and knowing a persons cellphone number would create it easier for a bad histrion to pin down someones social-media accounts and other personal information, said Clement Chen, an assistant professor of law at the University of Hong Kong. Hangzhou-based Alibaba has come under enhanced scrutiny from regulators since late last year, when authorities called off a blockbuster initial public offer of its financial affiliate Ant radical Co. days before the scheduled listing. Huge consumer data leaks have become commonplace in china in recent years, as the countrys data-security regularization struggles to snatch up with its technology advancements. Personal information from these leaks is often sold on the black market for pennies and has resulted in a fledgling privacy movement among Chinese citizens. Chinese lawmakers have pushed for more lapse to better protect personal data. last week, prc passed a new data-security law to enhance Beijings control over data flows within the country and improve consumer data protection. The law, along with proposed legislation modeled on the European Unions data-protection regulation, is intended to reinforce data rules such as the cybersecurity law introduced in 2017. The Henan court filing, dated in may but released this month, indicated that the software developer, surnamed Lu, passed the phone numbers he collected to his employer. The employer, who operated a companionship doing promotions for sellers on Taobao, used the information to mark clients and take coupons from Taobao. The two were each sentenced to more than three years in prison. It isnt uncommon for Chinese court rulings to be publicly released months after the verdict, and published rulings typically include only peoples surnames. NEWSLETTER SIGN-UP WSJ pro Cybersecurity Cybersecurity news, analysis and insights from WSJ's global team of reporters and editors. PREVIEW SUBSCRIBE Though Alibaba wasnt blamed in the ruling, the company could still side administrative penalties under the 2017 cybersecurity law, said You Yunting, a senior partner at Shanghai Debund Law Offices. Alibaba declined to comment on whether it had informed users of the incident. Since Ants IPO was called off, antitrust regulators have levied a record $2.8 1000000000 mulct against Alibaba for abusing its dominant position in the countrys online retail place and experience asked Ant to overhaul its businesses to devolve in line with regulation. Large global tech companies including Facebook Inc. get also had to contend with data leaks. in April, Facebook blamed malicious actors for scraping data including names and phone numbers of more than 530 trillion users. Legal and privacy experts said then that the social-media firm chose to describe the incidents as data scraping instead of hacking to avoid triggering laws and rules in various jurisdictions requiring companies to account data breaches to regulators and the public. Write to Yang Jie at jie.yang@wsj.com and Liza Lin at Liza.Lin@wsj.com Copyright 2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8 Appeared in the June 16, 2021, print edition as 'Software Developer Scraped User Data From Alibaba Site.'

About HackNotice and Taobao

HackNotice is a service that notices trends and patterns in publically available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks and Taobao was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of Taobao their products, services, websites, or applications and you were a client of HackNotice, monitoring for Taobao you may have been alerted to this report about Taobao . HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If Taobao had a breach of consumer data or a data leak, then there may be additional actions that our clients should take to protect their digital identity. data breaches, hacks, and leaks often lede to and do identity theft, account read overs, ransomware, spyware, extortion, and malware. account takeovers are often caused by credential reuse, password reuse, easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer info through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publically available data that indicates tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that take to lower client security and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice workings with clients to identify the extent that digital identities have been exposed and provides remediation suggestions for how to handle each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that share data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account accept overs, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that hurt consumers. HackNotice applies industry specific knowledge and advanced security practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share cut notices with their friend, family, and collogues to help increase awareness around alleged hacks, breaches, or data leaks. HackNotice works to provide clients with sharable reports to help increase the security of our clients personal network. The security of the people that our clients interact with directly impacts the layer of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account accept overs through phishing, malware, and other attach techniques.

If you found this hack notice to be helpful, then you may be interested in reading some additional hack notices such as:

information to an untrusted environment. Other terms for this phenomenon include unintentional inforit is shared electronically and to devote patients some important rights to monitor their medical recomewhat fluid. The going of a trusted faculty member with access to sensitive information can becom

Defacement http://phocaipiboon.go.th/pun10.html

Canad Inns.

Prominence Health Plan