Alibaba victim of huge data leak as China tightens security, Companies & Markets News & Top Stories

HONG KONG (BLOOMBERG) – Alibaba Group Holding was the victim of a months-long web-scraping operation by a marketing consultant that siphoned up sensitive data including usernames and phone numbers, according to a court case that wrapped in June.

A central Chinese court ruled that an employee of a consultant that helps merchants on Alibaba’s Taobao online mall was guilty of dredging up more than a billion data items on Taobao users since 2019, using that to serve clients. The court imposed jail terms of more than three years on the staffer and his employer, alongside fines totaling 450,000 yuan (S$93,300).

None of the customer data was sold and Alibaba’s users didn’t incur financial losses from the episode, the company said in a statement. The incident however coincides with Beijing’s widening effort to tighten the ownership and handling of troves of information that internet giants from Alibaba to Tencent Holdings and Meituan hoover up daily from hundreds of millions of users.

“Taobao devotes substantial resources to combat unauthorised scraping on our platform, as data privacy and security is of utmost importance. We have proactively discovered and addressed this unauthorized scraping,” a Taobao spokesperson said in a statement. “We will continue to work with law enforcement to defend and protect the interests of our users and partners.”

Shares of the e-commerce giant declined more than 1 per cent in Hong Kong trading on Wednesday (June 16).

Xi Jinping’s administration has tightened control over the hoard of information produced by the nation’s tech companies, part of efforts to position China as a leader in big data while curbing the growing influence of its largest private firms. The government has been pouring money into data centres and other digital infrastructure to make electronic information a national economic driver and help shore up the Communist Party’s legitimacy.

China’s new data security regime goes into effect on Sept 1, giving Mr Xi’s administration the power to shut down or fine tech companies found mishandling “core state data.” The legislature is also drafting personal information protection legislation that is expected to be adopted this year.

That push parallels debates in the US, where lawmakers have called for breaking up internet titans like Facebook and Alphabet, and in Europe, where regulators have prioritised antitrust actions and giving users more control over data. US President Joe Biden ordered a security review of foreign software applications Wednesday after revoking Trump administration bans on the Chinese-owned apps TikTok and WeChat that had faced opposition in U.S. courts.