
5 million user records of Chinese TaoBao were published for sale

Email addresses and passwords were hacked and put up for sale for several hundred dollars

Published: November 23, 2021 By Darina Shramko


According to a thread on a popular leak-trading forum, 5 million lines of TaoBao user data are up for sale!

A black-market seller posted a message on the DarkNet a few days earlier saying that he is selling 5 million records of TaoBao user data. The hacker priced 1 million lines at $100, adding that he is ready to discuss a different price tag if the buyer makes a reasonable offer.

Hacker's message about 5 million records from TaoBao

We asked the seller about the origin of the data and whether anything else is for sale; he claims the data was collected in 2020 and includes only emails and passwords in plain text. It seems he was in no hurry to sell the compromised information. The seller was probably waiting for a better moment to sell, and it has come.

The message from the seller

In June 2021, The Register already wrote about a giant web-scraping incident involving Alibaba's TaoBao, in which the developer in charge and his immediate boss were sentenced to three years in jail.

What data was compromised?

The black seller demonstrated a sample to convince buyers that the published data was accurate.

We did not check whether any of the leaked credentials actually match real access data.

Sample

Why is the leak dangerous for TaoBao users?

Knowing the email and password, anyone can read the personal correspondence of the victims, as well as analyze their subscriptions.

Email accounts often receive messages confirming registration on web portals; passwords for social networks or bank cards may also be stored there. Having taken possession of confidential information, an attacker can, for example, send messages to friends and relatives of the victims with a request to transfer a large amount of money to his account.

Knowing the mailbox password, a hacker will have no difficulty gaining access to other accounts on social networks. What happens next depends on the intentions and greed of the intruders...

How to protect yourself from being hacked

In order not to become a victim of hackers and not to find your data in a compromised database, I strongly recommend that you observe cyber hygiene, namely:

  • Use safe browsers and search engines
  • Do not click on suspicious links, even if your friends sent them. It is better to call the friend back to make sure that he really wrote to you
  • Hide your traffic with VPN services
  • Do not give in to provocations on the Internet. Many hackers use social engineering techniques to provoke a victim into conflict. Don't let others influence your emotions!

Tags: Leaks

Author: Darina Shramko, cybersecurity specialist and researcher.
