Attack on 20m accounts of Alibaba’s shopping site “Taobao”!

Taobao is a famous E-commerce site owned by Alibaba Group. Some hackers attacked on Taobao to gain the access of 20 million active accounts. According to a report, in this attack hackers used a database which was full of usernames and passwords. There were approximately 99 million usernames and passwords in that database.

These usernames and passwords belongs to the multiple popular websites. Hackers used these login credentials on the cloud computing service of Alibaba “Alicloud”. According to the famous news agency Reuters, hackers gained the access of many accounts because owners of these hacked accounts were using same username and password on many other popular websites.

CloudLock director, Yishai Beeri said that this happened due to the common ignorance of users as they did not managed their passwords in a well manner. It is a very common mistake done by the users but it is the most dangerous. A speaker of Alibaba group told that suspected criminals has been arrested.

System admins of Alibaba found a number of login attempts on the server continuously and they blocked these logins attempts immediately. On the other hand the compromised accounts were used by hackers to make fake orders. The credentials of many accounts were also sold by hackers on the dark web.

The database of Taobao is safe because hackers already had the login credentials of compromised accounts. May be they had purchase it from the other hackers who had stolen these credentials from other popular websites.

In December 2014, there was a security flaw in the website of company. By using this flaw hackers were changing the order details of customers and they were also stealing the financial credentials of users. Later security researchers reported about this flaw and then they fixed it. The customers of Alibaba also faced many Phishing scams in December 2015. But this time database of company is safe.

Source: SCMAGAZINE