Alipay sorry for customer data leak

Alipay sorry for customer data leak

Summary: China's biggest e-payment service provider has apologized for a security breach in which 20GB worth of customer data were downloaded and sold to other companies.

SHARE:
1

China's biggest e-payment service provider, Alipay, has apologized for a security breach in which personal data of its customers were downloaded and sold. 

A subsidiary of Chinese e-commerce giant, Alibaba Group, Alipay said in a statement Sunday that it had notified local regulators and would update the public on the results of the investigation. "The leaked data revealed only transaction information before 2010, [and] excluded sensitive information such as usernames or passwords, which were ciphered through a sophisticated method that is not available to anyone," it said.  

The company accounts for 61 percent of China's third-party payment market, noted a China Daily report, citing stats from IT consultancy iResearch. Some 200 banks and 400,000 e-commerce merchants currently support Alipay as an online payment channel.

According to local reports, a former employee had accessed the company's backend system and downloaded 20GB worth of customer data, including mobile numbers, home and e-mail address, and transaction records. He then colluded with two IT professionals to sell the data to other companies--mostly e-commerce vendors looking to push advertisement to online shoppers. The former employee and his two accomplices were now in police custody in Hangzhou. 

Alipay said it uncovered the surreptitious activity during an internal audit and reported it to local authorities. In its statement, it pledged to beef up its security measures to safeguard user privacy. 

Quoting user and insurance company clerk, Wang Hongji, China Daily reported: "I'm worried at the thought of a possible leak of my correspondence address, not to mention they might leak my transaction passwords." Wang said he usually had over 10,000 yuan (US$1,638) in his Alipay account.

The report further cited Li Zhi, principal analyst at Beijing-based consultancy Analysis International, who noted online shoppers in China often were required to provide personal data, making them susceptible to security and privacy threats. "The situation can even be exacerbated when a transaction involves multiple services, where the payment is conducted between a customer and a primary service provider that outsource services to others," Li said.

Alipay in February 2013 partnered Microsoft to develop a security tool for personal computers, mobile phones, and other end-user devices, as both companies looked to increase awareness of e-commerce security risks. 

Online transactions are growing exponentially in China, which is predicted to bypass the U.S. to become the world's biggest e-commerce market in 2013. According to Consultancy firm Bain & Co., the Asian economic giant would generate 3.3 trillion yuan (US$540.56 billion) in e-commerce revenue by 2015.

The Chinese government also was reportedly drafting policies as part of efforts to drive cross-border e-commerce activities.   

Topics: E-Commerce, Security, China

About

Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently a freelance blogger and content specialist based in Singapore, she has over 16 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • this is why

    You should never ever give your real identity to anyone online. All online services should be based off of an revocable alias. All data collected by anyone in a database or online system will ultimately be leaked. The current practices are not acceptable and will eventually expose nearly everyone to unrepairable identity theft for which the only remedy will be to issue you a new identity.

    Get this concept through your heads... all online data collected will be leaked or hacked... period. No one is immune.
    greywolf7