Sources have told Nikkei Asia that the Shanghai police have been talking with executives of Alibaba’s cloud division over the leakage of its vast trove of data.
Together with technicians from Alibaba’s offices in Shanghai and Hangzhou, they spoke with the Shanghai police on July 3.
In late June, a hacker shook the internet by offering to sell private information of about 1 billion Chinese citizens for 200,000 dollars, or 10 bitcoin. The hacker claimed the data was extracted from the Shanghai police.
The Wall Street Journal (WSJ) reported from analysts that Alibaba’s cloud platform has been hosting the database. The dashboard for managing the data was left unsecured on a public web address for more than a year. The technology was also deemed obsolete and negligent of basic security features.
Alibaba engineers have temporarily blocked all access to the compromised database after the heist was discovered and have started reviewing relevant code.
Sources told the WSJ that Alibaba Cloud had directed employees to check specifics like database configurations and architecture in contracts with significant clients. They particularly are those with dedicated private cloud resources, like governmental and financial institutions.
The outlet noted that this was not the first time Alibaba failed the Chinese government over a cyber security blunder.
In December, the Chinese ministry in charge of technology issued a six-month hold on a cybersecurity collaboration with Alibaba’s cloud computing subsidiary. Beijing claimed the firm neglected to promptly notify it of a software problem.
However, an industry expert told Nikkei Asia that it remains uncertain if Alibaba, agency authorities, or other outsourced companies should be held accountable for the dramatic data breach. Other types of contracted organizations were also involved in administering the Shanghai police database.