More than 1 billion data items from Alibaba Group e-commerce platform Taobao were stolen over the course of one week last year, a court document has revealed.
The stolen data includes sensitive information, such as user IDs and phone numbers, according to a court document released this month. The number of users affected remains unknown.
Two men were convicted of privacy violations and were sentenced to more than three years in jail. One was fined 100,000 yuan (US$15,610) and the other 350,000 yuan.
The duo used web-crawling software to steal the data between July 6 and July 13 last year and accrued a profit of 340,000 yuan, the document said.
It is unclear how the profit was made as Taobao told Apple Daily that the data items were never sold to a third party, and no user had suffered any financial loss as a result.
Hong Kong-based information technology expert Francis Fong said the leak this time could be even more serious than the April Facebook leak, which involved 530 million users.
Taobao’s internal system was attacked and the culprits managed to obtain hidden information such as phone numbers, he explained.
Chinese lawyer Xue Ying said stolen phone numbers could have a serious impact in China because people had to provide their real legal names to obtain one. Mobile phone numbers could constitute personal information as a result, he said.
The data leak came as China attempted to assume more control over information currently held by the country’s technology companies. A new law coming into effect in September would give the government power to shut down or fine companies mishandling “core state data.”
Central government requests data
Earlier this year, the Wall Street Journal cited news that the China Securities Regulatory Commission is considering asking Ant Group to hand over consumer credit data in the hopes of breaking Ant’s monopoly on data.
Officials and government consultants who reported contact with the regulatory situation revealed that regulators on the mainland believe Ant has a lot of personal information, even more than the bank responsible for the loans, creating an unfair competitive advantage. They are currently planning to overthrow this business. model. The first option is to ask Ant to submit its data to the national credit reporting system operated by the People’s Bank of China, and the second option is to ask Ant to share the information with a rating company controlled by the People’s Bank of China. However, it is currently unknown whether the regulator requires Ant to transfer all data, including data used by Ant to analyze customer reputation.