Alibaba shares sank on Friday after a report said the tech giant’s executives had been called in for meetings with Chinese officials over the theft of a vast police database.
A hacker last month put on sale what they claimed was the personal information of hundreds of millions of Chinese citizens — which, if true, would make it one of the biggest data heists in history.
Cybersecurity analysts subsequently confirmed that the data — partly verified by AFP — was stored on Alibaba’s cloud servers, apparently by the Shanghai police.
The company’s shares slumped 5.7 percent at the open in Hong Kong on Friday, hours after The Wall Street Journal reported that Shanghai authorities had called in its executives for talks in connection with the heist.
The Journal cited unnamed people familiar with the matter as saying the executives included Alibaba Cloud vice president Chen Xuesong, who heads the unit’s digital public security work.
The report added that senior managers from Alibaba and its cloud unit held a virtual meeting on July 1 after a seller advertised the stolen database in a cybercrime forum.
As part of an internal investigation, company engineers have cut access to the breached database and have started reviewing related code, the Journal said, citing employees familiar with Alibaba’s response to the hack.
The database is believed to have been stored on Alibaba’s servers using outdated and insecure technology.
Alibaba did not immediately respond to an AFP request to confirm the information in the report.
China maintains a sprawling nationwide surveillance network that collects huge amounts of data from its citizens, ostensibly for security purposes.
Beijing has passed stronger data protection laws in recent years as public awareness of data security and privacy issues has grown.
There are few ways, however, for ordinary citizens to stop the government from gathering information on them.
The sample of 750,000 entries posted online by the hacker showed citizens’ names, mobile phone numbers, national ID numbers, addresses, dates of birth and the police reports they had filed.
The hacker wanted 10 bitcoin — around $200,000 at the time — for the entire database.
Some of the information appeared to have been drawn from express delivery services, while other data included summaries of police incident reports in Shanghai over more than a decade until 2019.
At least four people out of more than a dozen contacted by AFP last week confirmed their details were listed in the database.
Help safeguard press freedom & keep HKFP free for all readers by supporting our team
Support press freedom & help us surpass 1,000 monthly Patrons: 100% independent, governed by an ethics code & not-for-profit.