A Taobao customer in Zhejiang Province points to a product in the e-commerce site, in which more than 20 million accounts were reportedly attacked by hackers last year. (Photo : REUTERS)
Alibaba’s e-commerce site Taobao claimed that hackers in China have attempted to access over 20 million accounts in their site last year, CRIENGLISH.com reported.
Investigation by the police showed that the hackers obtained 99 million usernames and passwords from a number of websites, over 20 million of which were also being used for Taobao accounts.
According to the report, Alibaba first discovered about the hackers' activity in November last year when they tried to input details into Taobao.
It was reported earlier that hackers had used Alibaba's own cloud computing to access users' accounts in Taobao. A spokesperson for Alibaba, however, denied that report, saying that the hackers had used a software to attack the site, instead of Alibaba's cloud service.
A report by the Wall Street Journal said that the incident is the latest reminder of cybersecurity threats facing China's popular online services which accumulate massive data from millions of users.
The report quoted the company as saying that the account login information used by the suspects to gain access to the Taobao accounts had been stolen from other websites. Since some people use the same usernames and passwords for multiple websites, the stolen information matched that of 20.59 million Taobao accounts, the company said.
Alibaba said its security team detected the attempts and blocked the vast majority of them, according to the Wall Street Journal report.
The company spokesperson reiterated that Alibaba's own system was never breached as the attacks used login information stolen from other sites. The spokesperson also cautioned users to regularly change passwords to keep their accounts secure.
The report said that the attack on Alibaba was the latest case of cybersecurity incidents involving Asian companies. In November, VTech Holdings Ltd., a Hong Kong-based maker of digital learning toys, claimed that an "unauthorized party" hacked into its database and stole information which included the names and birth dates of 6.4 million children and 4.9 million adults as well as photos and chat messages.
