Site icon AllTechAsia

China’s No.2 e-commerce site reported massive passwords leakage

According to report from Tencent Tech on Saturday, a data package of 12G, containing over 10 million pieces of private information from users, has been sold in pieces on the black market, at different prices on a range of RMB 100,000 (USD 14,462) to RMB 700,000 based on the quantity of information.

The information includes user names, passwords, email addresses, Tencent account numbers, phone numbers, and national identity card numbers. responded on Sunday that the leaked information comes from a web security attack in 2013, when almost all internet companies, as well as banks and government agencies in China, were affected. said that the security flaw has long been mended.

Why would data that leaked out in 2013 suddenly jump out three years later, at the end of 2016? Among other factors, this has to do with “information laundering”, a process that may take months and even longer, when hackers drain what benefits they can from the stolen information.

With data on hand, hackers would log onto those accounts for the first round of “laundering”; for example, the virtual money of a game account would be transferred away before the account info is sold to others.

However, this is not the first time that users have had their private information at risk. Aside from anything else, hackers are not the only hand behind the scene.

Another information leak at occurred in 2015, leading to a total loss of millions of RMB to several users. A year later, it was found out that the criminals were three logistics employees who got their hands on over 9,000 pieces of user information during work. is not alone in suffering from user information leakage. In 2014, AliPay suffered a leak of 20G of data, an act which was also committed by an employee. According to NetEase News, it was sold at RMB 500 for every 30,000 pieces of information, including users’ real names, phone numbers, email addresses, home addresses, and purchasing history.

The buyers of the information? The majority of them would be other e-commerce platforms, the report said.

If you think that the harm caused by those leaks is limited to a specific account, you’re wrong: hackers can use the information to get their hands on your other accounts as well, making it especially dangerous if you have set the same password for all your accounts.

You might want to reset your passwords now.

(Top photo from

Exit mobile version