
Data Breach: Information of millions of Alibaba-owned marketplace consumers exposed ─Report

Photo: CyberNews

Several millions of users of Taobao, one of the world’s most visited Web sites, owned by Chinese technology giant Alibaba, were likely exposed after researchers discovered an unprotected Elasticsearch cluster with publicly accessible user data, endangering individuals whose information was exposed.

Gbenga Kayode

Millions of consumers’ phone numbers, home addresses, and other personal information have been revealed on Taobao, an online shopping platform owned by Chinese technology giant Alibaba.

Recent market reports indicated that only half of consumers trust e-commerce platforms.

A research team’s latest report also proved that ‘user trust’ issues are not entirely unfounded, a CyberNews report said.

According to the team, millions of users of Taobao, one of the world’s most visited Web sites, were likely exposed after researchers discovered an unprotected Elasticsearch cluster with publicly accessible user data.

The researchers also noted “the origin of the data suggests that it may have been obtained from Taobao’s servers illegally, possibly through web crawling or other unauthorised means.”

The now-closed cluster held a whopping 11.1 million records, with each record most likely representing one Taobao user. The exposed details include names, phone numbers, and home addresses.

The source also said researchers noted that the cluster was titled “Taobao” and contained information that was almost certainly related to Taobao users.

However, the team could not independently verify the findings. According to Taobao, the company’s analysis did not indicate any data leaks.

 

Still, the company stated: “Data privacy and security is of utmost importance to Taobao. Based on our analysis of the sample data provided by Cybernews, there is no data leak identified on our platforms.”

The team’s findings are not the first time that Taobao’s users have been exposed. Back in 2020, 1.1 billion of the platform’s users had their details illegally obtained by a marketing consultant who employed web scraping software, the report said.

Risks of leaked data to individual consumers

The researchers said: “Our findings could indicate that attackers store a massive dataset for a quick search prior to a planned attack campaign.”

The team further explained that leaking the data of millions of users endangers individuals whose information was exposed.

They stated that threat actors could utilise the exposed information for identity theft, phishing attacks, or other fraudulent activities.

Besides, personal information, such as names, phone numbers, and addresses can be leveraged for various malicious purposes, including identity fraud and spamming, according to them.

The researchers noted: “This incident aligns with previous data breaches affecting e-commerce companies, highlighting the persistent need for robust cybersecurity measures to protect consumer privacy and trust in the digital marketplace.”

The team, therefore, urged consumers and businesses dealing with large volumes of data to implement authentication and authorisation mechanisms and configure firewall rules to only allow traffic from trusted sources, such as specific IP addresses or ranges, to access the Elasticsearch cluster.
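As an added illustration (not from the CyberNews report or from Elastic), the short audit below applies the two recommendations above: it checks a flat `elasticsearch.yml` for disabled authentication and public bind addresses, and a port-9200 firewall allowlist for rules that admit any source. The sample configurations, addresses and function names are constructed for this example.

```python
import ipaddress

# Bind values that expose the node on every interface (constructed check list).
PUBLIC_BINDS = {"0.0.0.0", "::", "_global_"}

def parse_flat_yaml(text):
    """Parse the flat 'key: value' form of elasticsearch.yml (no nesting)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(config_text, firewall_sources):
    """Return findings for the config and the port-9200 source allowlist."""
    cfg = parse_flat_yaml(config_text)
    findings = []
    # Authentication/authorisation: require the setting to be explicitly on.
    if cfg.get("xpack.security.enabled", "").lower() != "true":
        findings.append("authentication not explicitly enabled")
    if "xpack.security.authc.anonymous.roles" in cfg:
        findings.append("anonymous access has roles assigned")
    # Network exposure: the node should not listen on all interfaces.
    for key in ("network.host", "http.host"):
        if cfg.get(key) in PUBLIC_BINDS:
            findings.append(f"{key} binds to all interfaces")
    # Firewall: only specific trusted addresses or ranges should be allowed.
    for source in firewall_sources:
        if ipaddress.ip_network(source, strict=False).prefixlen == 0:
            findings.append(f"firewall allows any source ({source})")
    return findings

# Constructed sample inputs: an exposed node and a hardened one.
EXPOSED = """
network.host: 0.0.0.0
xpack.security.enabled: false
"""
HARDENED = """
network.host: 10.0.5.12        # private address only
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    print(audit(EXPOSED, ["0.0.0.0/0"]))
    print(audit(HARDENED, ["10.0.5.0/24", "192.0.2.10/32"]))
```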

Taobao is among China’s largest e-commerce platforms, with 895 million active Taobao app users in September 2023 alone. In 2022, the Office of the United States Trade Representative added Taobao to its list of Notorious Markets for Counterfeiting and Piracy, according to the report.
