Alibaba executives called in by Chinese authorities over data breach

Police in Shanghai summoned executives from the cloud division of Alibaba after hackers successfully stole data that had information on around one billion Chinese citizens from the Shanghai police database.

Personal data including ID numbers, addresses and phone numbers were taken and sold online by a hacker called “ChinaDan.”

The database that hacker “ChinaDan” offered to sell for 10 bitcoin, or around $200,000, contained information from 1995 to 2019 and some of the sample records made public were shown to be genuine. A post on a hacker forum that detailed this leak was removed soon after posting and a message in Chinese was published on the website reading:

“Hello, dear Chinese users, welcome to our forum. You most likely came here because of the Shanghai police database leak. The data is no longer being sold, and posts related to this topic have been deleted.”

Technicians from Alibaba are reportedly working with the police to address the hacking incident. According to cyber security researchers, cyber criminals were able to gain access to this sensitive data as the dashboard for managing the database was left without a password.

The cloud technology used by Alibaba was outdated and did not have an up-to-date security certificate. The Chinese multinational tech firm have set out to undertake a comprehensive review of security details for important clients, particularly those in the financial industry and in government.

Neither Chinese authorities or Alibaba have publicly commented on the data breach, with social media platform Weibo censoring searches related to the hacking. Shares fell in Alibaba after news broke that executives had been called in by the police, with concerns still remaining about potential future hacks at the company.