Alibaba-owned online marketplace may have breached millions of users

News
By published

More than 11 million Taobao users have data taken

IT
(Image credit: Shutterstock / carlos castilla)

Chinese company Taobao, one of the world's biggest and best ecommerce platforms, was reportedly leaking sensitive information on its users, a new report from Cybernews has claimed.

The team recently uncovered an unprotected Elasticsearch cluster of data, and say whoever built and maintained this was harvesting Taobao data illegally, “possibly through web crawling or other unauthorized means”.

The cluster, which was shut down in the meantime, held 11.1 million records, each line likely representing one Taobao user. The details found in the database included people’s names, phone numbers, and postal addresses, which is more than enough to mount identity theft and phishing attacks.

No data leak identified

Cybernews was unable to independently verify the authenticity of the information found in the database, but since it was titled “Taobao”, the information is “almost certainly related to Taobao users”. The e-commerce giant said its investigation discovered no data leaks.

“Data privacy and security is of utmost importance to Taobao. Based on our analysis of the sample data provided by Cybernews, there is no data leak identified on our platforms,” the company said.

Unprotected databases are one of the most common causes of data breaches. They are almost always the result of human error and sloppiness, when employees forget to set up a password, or other ways of locking down access to the files.

Launched in 2003, Taobao is owned by the Alibaba Group, and with almost 900 million monthly active users for September 2023, it is considered one of the largest e-commerce platforms, not just in China, but globally, as well. However, with the platform being built on Chinese, it is fairly inaccessible to the rest of the world. 

Businesses handling large data volumes should implement authentication and authorization mechanisms, and configure firewall rules to only allow traffic from trusted sources, the Cybernews team advised.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
Top collectibles site leaks personal data of nearly a million users
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
No broadband network
Massive online data breach sees 2.7 billion records leaked - here's what we know
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
This widely-used instant loan app leaks nearly 30 million files of user data
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
A phone showing a ChatGPT app error message
ChatGPT was down for many – here's what happened
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Dell Pro Max with GB300

HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
See more latest
Most Popular
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
A screenshot from Indiana Jones and the Great Circle showing Indiana Jones
Indiana Jones and the Great Circle finally gets PS5 release date and I can't wait to don the fedora and crack the whip