Alibaba denies blame for 20 million hack attempt

Alibaba denies hack of 20M accounts
Alibaba denies hack of 20M accounts

Alibaba has denied that its security system was to blame for an incident that saw hackers attempt to access over 20 million accounts on Taobao, one of the shopping sites owned by the Chinese e-commerce giant.

Attackers obtained a database of 99 million usernames and passwords from a number of websites then using Alibaba's cloud computing platform, and then entered the details into Taobao. The hackers found that 20.59 million matched exact details of users on Taobao accounts, according to Reuters, citing a report on the Ministry of Public Security's website.

The hackers started doing this around mid-October and were discovered in November. According to the report, Alibaba immediately told the police and the attackers have now been caught. The Chinese e-commerce giant blocked the majority of log-in attempts.

"Alibaba's system was never breached," the company said in a statement, highlighting that it was not to blame for the stolen credentials.

"This incident involved suspects using account login information stolen from other websites to attempt to match with Taobao accounts. Our world-class security team detected these criminal attempts in the first instance and mitigated the potential effects by swiftly reminding users to change their passwords and not use the same password on multiple platforms."

According to the reports, hackers were using the hacked accounts to place fake orders on Taobao to boost sellers' ratings. They also sold accounts on so they could be used for fraud.