
Chinese authorities summon Alibaba executives over data breach

An unknown attacker stole the data of over a billion citizens from a police database, in one of the largest breaches recorded in history

Chinese authorities have reportedly called in Alibaba cloud executives for talks over the police database data breach that emerged at the start of July.

Alibaba is carrying out an investigation of its own into how the data breach of over a billion people happened, according to The Wall Street Journal (WSJ). The breach, one of the largest in history, saw the data taken from a Shanghai police database and put online for sale for around $200,000 in late June.

Cyber security researchers said that a dashboard for managing the database had been left open, without a password, for over a year. Researchers concluded that it was hosted on Alibaba’s cloud platform, which was also confirmed by company employees.

After the anonymous attacker posted an advertisement selling the data with a sample list of the information on a cyber crime forum, senior Alibaba managers gathered to come up with an emergency response on 1 July.

The executives reportedly called in for the meetings with Shanghai authorities include Chen Xuesong, Alibaba Cloud vice president, who had been hired recently to lead the cloud unit’s digital public-security business. 

IT Pro has contacted Alibaba for comment.

Since the data breach was discovered, engineers at the company have temporarily disabled access to the database and have started inspecting related code. However, the reasons for the breach haven’t yet been determined.

The stolen data had been stored on Alibaba’s cloud using technology that was several years outdated and lacking in basic security features, two cyber security companies, LeakIX and SecurityDiscovery, told the WSJ. It was missing an up-to-date security certificate: the company last deployed one in September 2017, and it was never renewed after its expiration a year later.

The data is also believed to contain personal information belonging to Chinese citizens including names, government ID numbers, phone numbers, and records of crimes reported to the police. 

Since the breach occurred, Alibaba Cloud has ordered staff to review details like the database architecture and configurations in contracts with key clients, putting an emphasis on those with dedicated private cloud resources including government agencies and financial institutions.

LeakIX and SecurityDiscovery also found 13 other Alibaba-hosted databases which used the same outdated version of the database and database products. They had also been set up identically with the database on a private server and the dashboard on the public internet. All 13 had the same certificate that then expired and nearly all had been left open for around a year. One database had over 60TBs of data while another had 92TBs, far more than the 23TBs stolen from the Shanghai police.

This isn’t the first time that the Chinese tech giant has faced scrutiny over its data-security practices. Last December, its cyber security partnership with the Chinese ministry in charge of technology was suspended for six months after the government alleged the company took too long to report a global software vulnerability.
