Hackers attack 20 million accounts on Alibaba’s Taobao shopping site

Hackers in China tried to access over 20 million active accounts on Alibaba Group’s Taobao e-commerce website using Alibaba’s own cloud computing service, according to a state media report posted on the Internet regulator’s website.

An Alibaba spokesman reportedly said that Suspects have already been arrested.

A spokesman for the company said the attack was detected “in the first instance”, allowing it to alert users to change their passwords.

In recent years, cyber-attacks in the world’s second largest economy has risen at an increasing rate. According to China’s Ministry of Public Security, the attackers had access to a database with 99 million usernames.

The Ministry further highlighted that hackers accessed Alibaba’s cloud computing service to enter details into the company’s flagship Taobao platform. The attackers started inputting the login details into Taobao in mid-October, and were discovered in November. The hackers have since been caught, it said.

The ministry insists that Alibaba’s systems uncovered and blocked most of the login attempts. The hackers also sold accounts to be used for fraud, it said.

A spokesperson for Alibaba declined to comment to Reuters when asked about what security measures the website had in place at the time of the hack, but did say that the cyber-attack was “not aided” by any gaps in Alibaba’s computer platform.

“Alibaba’s system was never breached”, the company said in a statement, highlighting that it was not to blame for the stolen credentials.