News: Attackers use Alibaba’s own cloud service to attack its users.
The Chinese state media yesterday revealed that Alibaba has been hit by a cyber attack. The giant retailer’s Taobao online marketplace was compromised, with hackers attempting to access 20.59m customers’ accounts.
While the Chinese firm insisted that most of the accounts were protected, and that hackers did not gain access to data in the majority of cases, it did concede that attacks on a smaller number of accounts were successful.
An Alibaba spokesman did not give any confirmation about the total number of accounts that had been accessed, or say what data had been compromised.
Alibaba said that the hackers used login details stolen from other websites to try and gain access to Taobao accounts, on the basis that users often use the same login credentials for multiple online accounts.
Alibaba’s own cloud service was used to conduct the attack, with the company spokesman saying that the attackers had rented space on it.
The hackers had 99m usernames, and used Alibaba’s cloud platform to input them into Taobao. They then found that 20.59m of the 99m credentials they had were used for Taobao.
The Alibaba spokesperson insisted to the media that the firm’s own system was not broken into by hackers point. "Alibaba’s system was never breached," they said.
The compromised accounts were reportedly used to make fake orders on the e-commerce site, in addition to being sold for fraud.
The firm recommended that users change their passwords. It saw a drop in share price after initial reports of the attack, with analysts saying they fell by up to 3.7%. The firm’s shares closed trading on February 4th on the New York Stock Exchange up 2.24% at $64.86.
Chinese police have made arrests following on from the attack.
Cyber crime is a growing problem in China and the Far East. In November 2015 the records of 5m people, including 200,000 children were breach during an attack on the Hong Kong based toymaker VTech.
Alibaba’s chairman and founder Jack Ma has a net works of $26.5m. The news of the hack comes at the same time as his financial services firm Reorient is forming a joint joint-venture with Giant Investment and Jiangsu YuWell Technology Development, which will offer brokerage, investment-banking and asset management services in China.