Chinese company Taobao, one of the world’s largest e-commerce websites, was reportedly leaking sensitive information about its users.
It was recently discovered that an unprotected Elasticsearch cluster of data was found which suggested that whoever built and maintained this was harvesting Taobao data illegally, “possibly through web crawling or other unauthorized means.”
The cluster, which has since been shut down, contained 11.1 million records, with each line likely representing one Taobao user.
The database details included people’s names, phone numbers, and postal addresses, providing more than enough information to facilitate identity theft and phishing attacks.
Since it was titled “Taobao,” the information is “almost certainly related to Taobao users.” The e-commerce giant stated that its investigation discovered no data leaks.
“Data privacy and security is of utmost importance to Taobao. Based on our analysis of the sample data provided by Cybernews, there is no data leak identified on our platforms,” the company said.
Unprotected databases are one of the most common causes of data breaches. They are almost always the result of human error and negligence, such as when employees forget to set up a password or other methods of securing access to the files.
Launched in 2003, Taobao is owned by the Alibaba Group and, with almost 900 million monthly active users as of September 2023, it is considered one of the largest e-commerce platforms, not just in China but globally.
However, since the platform is built in Chinese, it remains fairly inaccessible to the rest of the world.
