Shenzhen-listed Ruizhi Huasheng Technology, a third party developer for state-run mobile carriers, stole up to 3 billion pieces of user data from 96 companies including Alibaba, Tencent and Baidu.
A group of Chinese companies stole up to 3 billion pieces of user data from 96 technology firms including Alibaba’s e-commerce platform, Tencent’s messaging app and Baidu’s search engine, reported Caixin.
Led by Shenzhen-listed (now suspended) Ruizhi Huasheng Technology, the group hijacked the data from China’s major state-owned mobile carriers and manipulated the illegally-obtained account information to make profits, including by selling it to advertisers.
Ruizhi Huasheng reportedly became a third-party developer for the state-owned mobile carriers in 2014 to target advertising business, and later placed malicious software onto their servers to gain access to user data, operating three separate marketing businesses to carry out the scheme.
Chinese police launched an investigation in late June, following spam complaints from Tencent users who also had ‘friends’ added to their social media accounts without their permission.
Several Ruizhi Huasheng executives have since been arrested and charged with illegally collecting user data and police have frozen its bank current account. According to reports, the alleged ringleader has fled overseas.
As of July 2017, China has identified at least 1,800 data privacy cases and arrested nearly 5,000 suspects. This latest case represents China’s biggest ever data theft.