
Cyber Incident Victim: Alibaba Group

Date: Oct 2015

Location: China

Summary

Hackers used Alibaba's cloud computing service to attempt unauthorized access to over 20 million active accounts on its ecommerce platform, leveraging credentials obtained from a separate database of 99 million usernames and passwords. The attackers conducted fraudulent activities, including placing fake orders to manipulate seller rankings, and sold compromised accounts for further misuse. The company detected the intrusion during the attack, blocked most login attempts, collaborated with law enforcement, which led to the perpetrators' apprehension, and advised users to reset passwords. The incident triggered a temporary decline in the corporation's stock value but did not involve a breach of its internal systems.


Description

In mid-October 2015, hackers initiated an attack against Alibaba Group's Taobao e-commerce platform by leveraging a database containing 99 million usernames and passwords obtained from multiple unspecified websites. The attackers rented Alibaba's own cloud computing service to systematically input these credentials into Taobao's login system, exploiting the common practice of password reuse across platforms. By November 2015, this credential-stuffing attack had identified 20.59 million active Taobao accounts where users had employed identical login credentials to those found in the compromised database. Alibaba's security systems detected the attack during its execution, blocking the majority of unauthorized login attempts before they could succeed. The company promptly reported the incident to law enforcement authorities and initiated user notifications urging password changes. Chinese police subsequently apprehended the hackers, who had operated for approximately one month before detection.

The compromised accounts were exploited to generate fraudulent orders through a practice known as "brushing," artificially inflating seller rankings on Taobao's marketplace. Attackers additionally sold access to hijacked accounts for fraudulent purposes. Alibaba confirmed its internal systems remained uncompromised throughout the incident, emphasizing that the cloud platform's security wasn't implicated since attackers could have used any comparable service. The 20.59 million affected accounts represented approximately 5% of Alibaba's annual active buyers on its China retail platforms at the time. News of the attack triggered a 3.7% decline in Alibaba's US-listed shares during late trading following the disclosure. This security incident occurred alongside significant corporate developments including Alibaba's $793.5 million investment in Magic Leap and its $3.7 billion acquisition of Youku Tudou, though these transactions were unrelated to the attack response.
