Alipay Apologizes for 20 Gigabyte Employee Data Breach
Alipay, the Chinese payment branch of Alibaba and considered the “PayPal of the East,” has issued an apology after discovering an employee plot to steal and sell user data.
There are reports that an Alipay internal audit in 2012 revealed the plot, which occurred in 2010 and was carried out by a previous employee. Alipay issued a formal apology on Sunday.
The former employee surnamed Li, told police that he accessed 20 gigabytes of personal information that included passwords, usernames, phone numbers, emails, and purchase histories.
The former employee and his accomplices had sold the information that may have been useful to marketers and e-commerce websites, who have likely paid a premium.
Though Alipay states that this information dates back to 2010, and was “ciphered through a sophisticated method that is not available to anyone,” the information breach may have negative implications on the security concerns of Chinese consumers.
Alipay is China’s largest third-party payment processor, and holds a 61 percent share of the third-party market. With e-commerce set to grow in China, and globally, these breaches are a major blow to consumer confidence.
Speaking to China Daily, one Alipay user said, “I’m worried at the thought of a possible leak of my correspondence address, not to mention they might leak my transaction passwords.”
The leak also brings up questions of Alipay’s legal culpability. Since it sits in the grey area of being classified as a financial institution, it’s up in the air what kind of punishment Li and Alipay might face.