Get Our Email Newsletter

Data Breach Exposes 20 Million Retail Accounts in China

According to online security news source Naked Security, in China has been the victim of a massive data breach, with as many as 100 million records used to hack more than 20 million Taobao user accounts.

Founded in 2003 by China’s online giant Alibaba, Taobao is a consumer-to-consumer (C2C) buying and selling online website that operates in Chinese-speaking regions, similar to eBay or Amazon in the United States. Literally translated as “searching for treasure website,” the site provides a retail platform for small businesses and individual entrepreneurs to open online stores that mainly cater to consumers. With hundreds of millions of product listings it is one of the world’s most visited websites.

In the online consumer-to-consumer world, purchases are made through a website, rather than from a website. Regular sellers build—or lose—credibility; succeeding or failing based upon their history and reputation with customers. In this kind of selling environment the business becomes self-policing, as poor products, poor service, and inappropriate or illegal activity will quickly lead to the demise of the business based on consumer feedback.

- Digital Partner -

However, the ability to create false accounts that publish positive feedback, or those that can jump into the online bidding process of auctions to illegitimately inflate prices, can greatly influence the profitability and reputation of the seller. This appears to be one of the primary objectives of the recent data breach.

While the details of the data breach are not fully known at this time, it appears that cyber criminals illegally gained access to nearly 100 million email addresses and passwords from an unknown source. Taobao allows you to register an account using your phone number, a username, or your email address.

Beginning in October 2015 these cyber criminals began trying to access the accounts, managing to gain access to almost 21 million Talbao accounts based on the access to existing account information from the data breach. These accounts were then used for fake reviews and fake bidding to enhance the reputation of seller accounts and raise prices of products by creating false bidding wars on auctions.

According to cyber security experts, spotting some of these attack patterns following a data breach is often relatively easy to identify—the second time it happens. Unfortunately, with 21 million opportunities it could take some time to sort it all out.

Taobao users have been encouraged to change passwords using new password combinations that are both strong and unique to the user, and to monitor activity to look for unauthorized use.

Loss Prevention Magazine updates delivered to your inbox

Get the free daily newsletter read by thousands of loss prevention professionals, security, and retail management from the store level to the c-suite.

What's New

Digital Partners

Become a Digital Partner

Violence in the Workplace

Download this 34-page special report from Loss Prevention Magazine about types and frequency of violent incidents, impacts on employees and customers, effectiveness of tools and training, and much more.


View All | Sponsor a Webinar


View All | Submit a Whitepaper

LP Solutions

View All | Submit Your Content

Loss Prevention Media Logo

Stay up-to-date with our free email newsletter

The trusted newsletter for loss prevention professionals, security and retail management. Get the latest news, best practices, technology updates, management tips, career opportunities and more.

No, thank you.

View our privacy policy.