COSC 1301

A major computing security breach in the past ten years is the Alibaba breach in 2019.

The Organization

The name of the organization that was breech is Alibaba, which is headquartered in Hangzhou, China. The company specializes in provision of retail services, e-commerce, and market technology and hence has a large clientele base.

The breached

The organization was breached in November 2019 and was discovered after over eight months. A developer was working for an affiliate marketer who deleted customer data that included mobile names and user names from the Alibaba website named Tabao using a crawler software he had built (Hope, 2021). It appeared that the developed was collecting data to boost their own business and not for black market sale.

Software vulnerabilities

The software vulnerability that was leveraged is was the Taobao software, which was compromised by the web crawling software. The Taobao company, which hosted the Alibaba data, admitted to the breach and devoted resources to rectifying the unauthorized craping since the privacy and security of the clients was of importance.

The compromised information

The information that was compromised included user IDs, mobile phone numbers of the customers, and the comments made by the clients. This information is confidential and only visible to the company administrator (Hope, 2021). For instance, sensitive data like phone numbers of clients, which are registered with the governed, was compromised.

Financial damages

There were no financial damages but the developer collected over 1.1 billion user information from the Alibaba website (Jain, 2021). The leak was massive and led to a court case where the developer was jailed for the breach. The government had introduced a new data security law to improve the control of data flows and ensure data protection while cutting on damage costs.

Accountability for the breach

The consultant developer and his employer were found accountable for the breach. The developer obtained sensitive data from the Alibaba in November 2019 using a web scrapping software which is an illegal practice under the Chinese laws. Alibaba discovered the leak and informed the police. Together with his employer, the developer was imprisoned for three years and fined 450000 yuan (Jain, 2021).

Recovery

The data leak did not have a financial impact on Alibaba as the developer did not share or sale the information with other people or competitor companies, but they used the data for their own business benefits. In this regard, Alibaba recovered from the breach by enhancing its data security to avoid web scraping data leaks. Besides, the court found Alibaba and Taobao to not have violated any law in China, but the developer was found guilty of security laxity and suctions applied accordingly.

References

Hope, A. (2021, June 25). Web Scraping on Alibaba’s Taobao Resulted in Data Leak of 1.1 Billion Records. Retrieved from CPO Magazine: https://www.cpomagazine.com/cyber-security/web-scraping-on-alibabas-taobao-resulted-in-data-leak-of-1-1-billion-records/

Jain, T. (2021, October 10). Alibaba’s Data Breach. Retrieved from Ranksecure.com: https://www.ranksecure.in/blog/alibabas-data-breach