Chinese officials gather Alibaba execs over data heist

Alibaba shares sank on Friday after a report
said the tech giant’s executives had been called in for meetings with Chinese
officials over the theft of a vast police database.

A hacker last month put on sale what they claimed was the personal
information of hundreds of millions of Chinese citizens — which, if true,
would make it one of the biggest data heists in history.

Cybersecurity analysts subsequently confirmed that the data — partly
verified by AFP — was stored on Alibaba’s cloud servers, apparently by the
Shanghai police.

The company’s shares slumped 5.7 percent at the open in Hong Kong on
Friday, hours after The Wall Street Journal reported that Shanghai authorities
had called in its executives for talks in connection with the heist.

The Journal cited unnamed people familiar with the matter as saying the
executives included Alibaba Cloud vice president Chen Xuesong, who heads the
unit’s digital public security work.

The report added that senior managers from Alibaba and its cloud unit held
a virtual meeting on July 1 after a seller advertised the stolen database in a
cybercrime forum.

As part of an internal investigation, company engineers have cut access to
the breached database and have started reviewing related code, the Journal
said, citing employees familiar with Alibaba’s response to the hack.

The database is believed to have been stored on Alibaba’s servers using
outdated and insecure technology.

Alibaba did not immediately respond to an AFP request to confirm the
information in the report.

China maintains a sprawling nationwide surveillance network that collects
huge amounts of data from its citizens, ostensibly for security purposes.

Beijing has passed stronger data protection laws in recent years as public
awareness of data security and privacy issues has grown.

There are few ways, however, for ordinary citizens to stop the government
from gathering information on them.

The sample of 750,000 entries posted online by the hacker showed citizens’
names, mobile phone numbers, national ID numbers, addresses, dates of birth
and the police reports they had filed.

The hacker wanted 10 bitcoin — around 200,000 dollars at the time — for the
entire database.

Some of the information appeared to have been drawn from express delivery
services, while other data included summaries of police incident reports in
Shanghai over more than a decade until 2019.

At least four people out of more than a dozen contacted by AFP last week
confirmed their details were listed in the database.(AFP)


Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.