Taobao, the Alibaba-owned Chinese shopping platform, suffered a massive data leak in which 1.1 billion pieces of data were breached by a malicious actor using web-crawling software.

The Taobao data leak:

Taobao is among the most popular shopping platforms in China. Every month, approximately 925 million people use Taobao and other Alibaba retail sites, according to the organization.

The massive data leak of the shopping website included private customer data such as user IDs, comments, and phone numbers.

After learning about the data breach, Alibaba reported the incident to the relevant law enforcement authorities.

Court verdicts of the data leak:

The case was heard by a district court in China’s central Henan province. The verdict set out the facts above and stated that a software developer had used a web crawler to exfiltrate the data from the popular Chinese shopping platform.

While the court verdict does not hold Alibaba accountable for the Taobao data leak, the company could potentially face penalties in the near future under the country’s 2017 Cybersecurity Law.

China’s new Data Security Law was passed in April and makes the data collected from private companies operating in the country subject to government oversight. The new legislation, which stems from the country’s 2017 Cybersecurity Law, takes effect on September 1.

The details of the data leak state that a software developer with the last name Lu exfiltrated the data from the site using a tool he developed on the Taobao platform in 2019.

Reportedly, Lu then began siphoning off bits of user data from the site, which were then handed over to Lu’s employer, a promotions firm that worked with Taobao merchants. The employer used the data to find new clients and claim Taobao coupons.

Both perpetrators, Lu and the unnamed employer, were sentenced to over three years in prison.