Web crawler grabs 1.1 billion user data from shopping platform

Using a web crawler, around 1.1 billion user data of the shopping platform Taoboa was reportedly tapped by a competitor. Taoboa is operated by Alibaba and is a globally known and successful platform.

Crawling has been going on since late 2019

Reports of extreme data collection come from the Wall Street Journal and also from Chinese site 163.com. According to this, a Chinese developer collected close to 1.1 billion user data of the shopping platform Taoboa by using a web crawler. This also emerges from corresponding court documents.

According to the available information, the enormous collection of data began as early as the end of 2019. This is said to be not just about simple data that can be easily collected together. Apart from user IDs on the site, comments from users and their phone numbers were also collected. In other words, data that is not directly visible on the site. How this data was collected is not yet known. However, the collection of data took place over several months, without the operators would have noticed.

Authorities know about it

After the webcrawling came to light, Alibaba directly informed the authorities so that they could take action and investigate the perpetrators. During the investigation by the authorities, it then came out that this was a company that runs promotions for sellers on the platform. The company wanted to use the collected data to target its customers. So a kind of profiling by means of the captured data. As a result of the investigation, the head of the company and also the developer of the web crawler received respective prison sentences of more than three years each.

Alibaba not prosecuted so far

Although such sensitive data as phone numbers are used for many purposes in China, Alibaba is not to be legally prosecuted. At least so far. The rules for data protection in China are probably rather less strict or missing here probably still completely. On the other hand, it is questionable whether the data protection regulations apply to such a collection via web crawler, is not quite so easy to determine. Since the data can be collected just like that. As far as the telephone number is concerned, the situation could be different, since it is personal data that is protected and should not be easily accessible. This is exactly the reason why the Facebook case is to be investigated, since the data leak a few months ago also revealed phone numbers and users received unwanted messages as a result. Therefore, the authorities could also get involved and investigate this more closely.