Shares of Alibaba plunged almost 6% on Friday after a Wall Street Journal report linked the tech conglomerate’s cloud division to a massive theft of police data being investigated by authorities in Shanghai.
An anonymous hacker, identified as ‘ChinaDan,’ claimed in late June to have perpetrated one of the biggest data breaches in history by obtaining personal information of more than 1 billion Chinese residents from the Shanghai police. He reportedly offered it for sale for bitcoins – about $200,000.
A dashboard for managing the database was left ‘open’ on the internet for over a year without a password, which made it easy to access and retrieve its contents, the Wall Street Journal reported, citing cybersecurity researchers.
Based on scans of the police database, the researchers said the data was hosted on Alibaba’s cloud platform, which temporarily disabled access to the breached database and launched an inspection after the theft was discovered, the report said.
The report, citing sources familiar with the matter, also said that Shanghai authorities had summoned executives from the company’s cloud division in relation to the data.
The Shanghai government and spokespersons for Alibaba, as well as its cloud division, did not immediately respond to requests for comment. Chinese authorities have yet to confirm the breach occurred.
‘At the Mercy of Regulators’
Alibaba’s share price fell by 5.98% – its the biggest daily percentage drop since June 13, and the stock was on track to end the week down 15.3%, its biggest weekly drop since its Hong Kong market debut in November 2019.
The company’s US listed shares had closed down 3.6% on Thursday.
Brock Silvers, chief investment officer at Kaiyuan Capital in Hong Kong, says that if Alibaba was connected to the alleged breach, it would be “at the mercy of Beijing’s regulators.”
“New business could be impaired until this matter is cleared. Even when it is cleared, there is potential for substantial fines,” he said.
The alleged breach comes as Chinese regulators tighten policy concerning data privacy and strengthen their oversight over the country’s technology giants.
Alibaba’s cloud division, the country’s largest player by market share, has come under regulatory fire before. In December, China’s industry ministry suspended a cooperative agreement with Alibaba Cloud over accusations it failed to promptly report and address a cybersecurity vulnerability.
Some local Chinese authorities have sought to move their data away from privately-owned cloud systems. Last year, the city of Tianjin was reported to have ordered municipality-controlled companies to migrate all their data to a state-backed cloud system.
- Reuters with additional editing by Jim Pollard