Alipay Blames Flaw One User Found on Data Leak
(Shanghai) – The country's largest online payment service by number of users has said a customer who found his account was linked to e-commerce websites without his knowledge was the victim of data leak, but did not comment when other users found similar problems with their Alipay accounts.
The Alipay user said on Sina Weibo, the Chinese version of Twitter, on October 8 that he was going through the settings for his account and discovered that it had been authorized to make payments to five websites even though he never gave his permission.
The user of the online payment service linked to New York-listed Alibaba Group Holding Ltd. said he was never notified the links had been established, and he feared he would be responsible for purchases he did not make.
An Alipay employee who declined to be named described the issue as "a design flaw," and Alipay said on Weibo on October 10 that a leak of the user's personal information was to blame for the problem.
Other Alipay users have said in online comments that checks of their accounts showed that they too had been authorized to make payments to websites without them knowing. Alipay has not said whether these users were the victims of data leaks.
Many users said that later checks showed that the links had been removed from their accounts. However, some said they had to contact Alipay to do this because they could not remove them on their own.
The Alipay employee said that the team responsible for designing the company's website had been notified of the problem and would fix it. The team had thought about requiring users to verify such links, but chose to skip the step to help the user experience, the employee said.
Alipay is China's most popular online payment tool. As of 2013, it had 300 million users who registered their real names with the company, Alibaba said in an annual report.
The company was criticized for an incident in May that saw its service stop working for more than two hours.
The central bank has repeatedly chastised Ant Financial Services Group and its competitors for too often trading security for the convenience of users. The company has been told to put some of its new services – such as e-credit cards and payments made by the scanning of codes – on hold because they failed to meet its security standards.
The regulator is worried because it fears that scammers can use flawed payment systems to commit fraud on a large scale.
Data related to more than 10 million bankcards that was held by a payment company was leaking in January, causing losses of nearly 40 million yuan over the next six months, said a report written by central bank experts that Caixin has read.
The report did not name the payment company.
(Rewritten by Chen Na)
Jul 02 19:38
Jul 02 16:33
Jul 02 14:50
Jul 02 13:28
Jul 02 12:04
Jul 01 19:08
Jul 01 17:47
Jul 01 16:22
Jul 01 15:59
Jul 01 12:58
Jun 30 18:14
Jun 30 17:59
Jun 30 16:17
Jun 30 12:53
Jun 29 16:35
- 1Cover Story: The Mystery of $2 Billion of Loans Backed by Fake Gold
- 2Dialogue with Jared Diamond: Global Pandemic and Crisis Management
- 3Exclusive: China Plans to Grant Securities Licenses to Commercial Banks
- 4EU May Open Borders to Chinese Travelers if Beijing Reciprocates
- 5China Business Digest: Luckin Coffee to be Kicked Off Nasdaq; U.S. Sets Record for New Covid-19 Cases in a Single Day
- 1Power To The People: Pintec Serves A Booming Consumer Class
- 2Largest hotel group in Europe accepts UnionPay
- 3UnionPay mobile QuickPass debuts in Hong Kong
- 4UnionPay International launches premium catering privilege U Dining Collection
- 5UnionPay International’s U Plan has covered over 1600 stores overseas