Executives from Alibaba Group Holdings’ cloud division have been summoned by Shanghai authorities in connection with a theft of police data on Chinese citizens, the Wall Street Journal reported on Thursday.
Based on scans of the police database, cybersecurity researchers concluded that the stolen data of nearly 1 billion Chinese citizens was hosted on Alibaba’s cloud platform, according to the report.
Alibaba did not immediately respond to a Reuters request for comment.
Since the theft was discovered, Alibaba has temporarily disabled all access to the breached database and launched an inspection, the report said.
Earlier this month, it was reported that a hacker claiming to have stolen personal data from hundreds of millions of Chinese citizens is now selling the information online.
A sample of 750,000 entries posted online by the hacker showed citizens’ names, mobile phone numbers, national ID numbers, addresses, birthdays, and police reports they had filed.
AFP and cybersecurity experts have verified some of the citizen data in the sample as authentic, but the scope of the entire database is hard to determine.
Advertised on a forum late last month but only picked up by cybersecurity experts this week, the 23TB database — which the hacker claims contains the records of a billion Chinese citizens — is being sold for 10 Bitcoins (approximately Rs. 16,00,000). the 23TB database — which the hacker claims contains the records of a billion Chinese citizens — is being sold for 10 Bitcoins (approximately Rs. 16,00,000).
At least four people out of over a dozen contacted by AFP confirmed their personal details, such as names and addresses, as listed in the database.
In replies to the original post, users speculated that the data may have been hacked from an Alibaba Cloud server where it was apparently being stored by the Shanghai police.
Potter, the cybersecurity analyst, confirmed that the files were hacked from Alibaba Cloud, which did not respond to an AFP request for comment.
If confirmed, the breach would be one of the largest in history and a major violation of the recently approved Chinese data protection laws.