Many customers of Yihaodian, the food-oriented Chinese e-commerce site that’s backed by Walmart (NYSE:WMT), have reportedly had their real names and other sensitive data leaked in a major breach of security on the website.
Chinese media is saying that as many as 900,000 users have been affected by this data leak, revealing names, usernames and passwords, mobile numbers, order history, and email addresses. It appears that credit card and other payment information is safe, being handled by the separate websites of various banks after users ‘checkout’ an order on Yihaodian. A journalist at China’s Daily Economic News claims to have seen the leaked user info courtesy of a black market data seller, and has verified that the logins are working.
A spokesperson for Yihaodian – China’s largest food-specialist online retailer – told the newspaper that an investigation is underway, and that it cannot rule out that the leak was not so much a case of hacking as a rogue employee selling data for personal gain. The Yihaodian rep added that it has frozen the accounts it knows have been affected, and will prompt those users to change their account password and also verify that their other details are safe. No mention was made of compensation.
Local media reports that a number of Yihaodian customers have been defrauded already on the basis of their leaked data, citing one “Ms. Zou” who was called up by a fraudster posing as Yihaodian customer support. To cut a long story short, a VIP card was offered to Ms. Zou that was supposed to be free, but she ended up paying 300 RMB (US$47.40) for it upon delivery. Not the crime of the century – but if your data is out in the open, you’ll be a lot more vulnerable to such scammers who know your full name and other official-sounding info.
Last winter, nearly all of China’s major e-commerce sites suffered data breaches that ultimately affected tens of millions of people. Much of this sensitive personal information is sold to either fraudsters or spammers. Authorities in Beijing are trying to crackdown on this black market – as huge a task as that is. It’s made all the worse if – as might be the case here – an e-tailer’s employee joins the dark side and sells out much of its user data.
[Source: Sina Tech - article in Chinese]