Alibaba-owned online marketplace may have breached millions of users

More than 11 million Taobao users have data taken

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Chinese company Taobao, one of the world’s biggest andbest ecommerce platforms, was reportedly leaking sensitive information on its users, a new report fromCybernewshas claimed.

The team recently uncovered an unprotected Elasticsearch cluster of data, and say whoever built and maintained this was harvesting Taobao data illegally, “possibly through web crawling or other unauthorized means”.

The cluster, which was shut down in the meantime, held 11.1 million records, each line likely representing one Taobao user. The details found in the database included people’s names, phone numbers, and postal addresses, which is more than enough to mountidentity theftand phishing attacks.

No data leak identified

Cybernews was unable to independently verify the authenticity of the information found in the database, but since it was titled “Taobao”, the information is “almost certainly related to Taobao users”. The e-commerce giant said its investigation discovered no data leaks.

“Data privacy and security is of utmost importance to Taobao. Based on our analysis of the sample data provided by Cybernews, there is no data leak identified on our platforms,” the company said.

Unprotected databases are one of the most common causes of data breaches. They are almost always the result of human error and sloppiness, when employees forget to set up a password, or other ways of locking down access to the files.

Launched in 2003, Taobao is owned by the Alibaba Group, and with almost 900 million monthly active users for September 2023, it is considered one of the largest e-commerce platforms, not just in China, but globally, as well. However, with the platform being built on Chinese, it is fairly inaccessible to the rest of the world.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Businesses handling large data volumes should implement authentication and authorization mechanisms, and configure firewall rules to only allow traffic from trusted sources, the Cybernews team advised.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This new malware utilizes a rare programming language to evade traditional detection methods