Original title:
Alibaba Executives Called In by China Authorities as It Investigates Historic
Data Heist
Original link: https://ibit.ly/xBWI
Published: July 14, 2022 11:33 am ET
Reporter: Karen Hao
Original content:
HONG KONG—Executives from Alibaba Group Holding Ltd.’s cloud
division have been called in for talks by Shanghai authorities in connection
with the theft of a vast police database, according to people familiar with
the matter, adding urgency to an internal investigation by the Chinese tech
giant into how one of history’s largest data heists was allowed to happen.
The investigation revolves around a cache of sensitive Shanghai police data
on an estimated nearly one billion Chinese citizens, which was offered for
sale online for the equivalent of roughly $200,000 in late June.
Cybersecurity researchers said a dashboard for managing the database had been
left open on the public internet without a password for more than a year,
making it easy to pilfer and erase its contents.
Based on scans of the database, the researchers concluded that it was hosted
on Alibaba’s cloud platform. Company employees also confirmed the
relationship.
Senior managers from Alibaba and its cloud unit gathered virtually to
formulate an emergency response on July 1, after an anonymous seller posted
an advertisement for the data and provided a sample of it in a cybercrime
forum, according to people briefed on the meeting.
Executives called in for meetings with the Shanghai authorities include
Alibaba Cloud Vice President Chen Xuesong, who was recently hired to lead the
unit’s digital public-security business, according to people familiar with
the matter.
Mr. Chen couldn’t be reached for comment. Alibaba and the Shanghai
government didn’t immediately respond to requests for comment.
Since the theft was discovered, Alibaba engineers have temporarily disabled
all access to the breached database and have begun inspecting related code,
some employees familiar with the response said. The reasons for the breach
haven’t yet been determined, they said.
Two cybersecurity companies told The Wall Street Journal the stolen data had
been stored on Alibaba’s cloud using technology that was several years
outdated and lacked basic security features, according to an analysis of the
database’s metadata—part of a pattern they detected with more than a dozen
other databases hosted by the company.
Alibaba didn’t respond to a request for comment on the companies’ findings.
Based on samples provided by the seller, the stolen data is believed to
contain the names, government ID numbers and phone numbers of the vast
majority of Chinese citizens, including minors, as well as records of crimes
reported to the Shanghai police and other sensitive information. Though it’s
common around the globe for databases to be left unsecured, cybersecurity
researchers have said they were shocked to see such a huge volume of this
level of sensitive information set out for the taking.
The breach has highlighted the volumes of data Chinese authorities are
collecting through the country’s nationwide digital surveillance system, as
well as the difficulty the government faces in keeping that data secure.
A report published by China’s state-sponsored National Academy of Governance
in November warned that a paucity of professionals capable of handling
digital systems and a lack of coordination with tech suppliers were
undermining the government’s effort to use technology to more efficiently
manage society.
Mr. Chen, the Alibaba Cloud executive called in by Shanghai authorities,
formerly worked as a government-funded engineer in public security and
information technology, according to employees familiar with his background.
It couldn’t be determined what was discussed in their meeting.
As the investigation continued, Alibaba Cloud ordered staff to review details
such as the database architecture and configurations in contracts with key
clients, especially those with dedicated private cloud resources such as
government agencies and financial institutions, according to employees
familiar with the matter and a cloud customer.
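Thoughts/comments:
It suddenly crashed during the trading session; I looked into it and found this news.
Netizens across the strait are even saying: don't let Jack Ma get away XD
That aside, the one-billion data leak looks really damaging. Who would dare use Alibaba Cloud after this?
No wonder they're being investigated.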