ID Thieves Exploit Alibaba's Cloud to Speed Hack Attack
Web Services // Retailer // China
Miscreants obtained 99 million credentials from other websites, and then used the company's web services to input the details into accounts on Alibaba's Taobao e-commerce site.
Of the 99 million usernames, 20.59 million were also being used for Taobao accounts.
Alibaba's systems discovered and blocked the vast majority of log-in attempts, according to the company.
The hackers were entering the compromised accounts to place fake orders on Taobao, a practice known as "brushing” that raises sellers' rankings. The hackers also sold accounts to be used for fraud
"Alibaba's spokesman declined to comment on how the hackers were able to use its cloud computing service for the attack. He said they could have used any such service, and that the attack was not made possible by loopholes in Alibaba's platform," according Reuters. The company claims, "Alibaba's system was never breached."