Taobao 1.2 billion customer information was crawled, hackers illegally profited 340,000 yuan

Keywords infringement of citizens’ personal information crime

Recently, disclosed a case of private information being crawled: two criminals crawled and stole a large amount of data on After verification, nearly 1.2 billion pieces of personal information were leaked this time.

On July 13, 2020, Taobao security risk controller Feng Mou suddenly discovered during work that there was abnormal traffic behavior on the evaluation interface of the Taobao platform. After investigation, it was found that someone was crawling encrypted data by cracking the interface.

Taobao immediately reported to the police that from July 6, 2020 to July 13, 2020, the Taobao wireless open platform order evaluation interface bypassed the platform’s risk control to crawl encrypted data in batches, and the amount of crawled fields was huge.

According to statistics, the average number of crawls per day between July 6 and July 13, 2020 is 5 million. The crawl content includes sensitive fields such as buyer user nicknames, user evaluation content, and nicknames. At the same time, investigations on Taobao website revealed that Lu was suspected of committing a major crime. The crime was committed at the Family Home of the Civil Affairs Bureau, Changjiang Road, Xincheng Street, Suiyang District, Shangqiu City, Henan Province.

On August 15 of the same year, Lu was arrested by the police in the Green Tree Inn Hotel on Changjiang Road, Suiyang District, Shangqiu City, and was detained on the same day. He was arrested on September 22 of the same year; Li was in Sui, Shangqiu City on August 21 of the same year. He was arrested by the police in the Weimei Hotel on Changjiang Road in Yang District. He was detained on August 22 and arrested on September 22 of the same year.

Lu Mou used the software developed by him to crawl Taobao customer digital ID, Taobao nickname, mobile phone number and other Taobao customer information, a total of 1,180,738,048. Lu Mou sent the Taobao customer mobile phone number in the crawled information to Li in the form of a WeChat file. A total of 19,726,611 (19.71 million) were used.

In November 2019, Lu wrote his own software “Taoying Review”. The software can crawl the Taobao digital ID and Taobao nickname of Taobao customers through the Taobao product detailed information interface and Taobao information sharing interface, and crawl the mobile phone number information of Taobao customers through the Taobao sharing interface. Subsequently, Lu provided the crawled customer mobile phone number information to Li. The crawled Taobao customer ID and Taobao nickname and other information were stored in his computer hard disk, and were not provided to Li and leaked. According to his confession, since November 2019, he has successfully crawled at least 50 million pieces of data, each of which is divided into 3 fields including UID, Taobao nickname, and user’s mobile phone number.picture

Court decision:

Illegal acquisition of personal information, each sentenced to more than 3 years in prison

After the two persons were arrested, the People’s Procuratorate of Suiyang District, Shangqiu City sued them to the People’s Court of Suiyang District, Shangqiu City, Henan Province for “infringing on citizens’ personal information.”

After trial, the court found that Lu was employed by Li, and the two violated national regulations and illegally obtained citizens’ personal information. The circumstances were particularly serious, and their actions had constituted the crime of infringing citizens’ personal information.

Based on the circumstances of the crime and social harm, the court ruled in accordance with the law: Li Mou was guilty of infringing on citizens’ personal information and sentenced to three years and six months in prison and a fine of 350,000 yuan. Lu was guilty of infringing on citizens’ personal information and was sentenced to three years and three months in prison and a fine of 100,000 yuan. At the same time, the illegal income of Li and Lu continued to be recovered and turned over to the treasury in accordance with the law; the tools of the crime were seized in accordance with the law.

The Links:   G050VINO11 MSG100U43

Related Posts