China’s Pinduoduo Reports Theft Worth Millions of Yuan
Hackers took advantage of a loophole in online group discounter Pinduoduo Inc.’s platform to steal tens of millions of yuan worth of vouchers, the company said Sunday.
The bug has been fixed and the company has reported the incident to police, Pinduoduo said in a statement on its official Weibo account. The police in Shanghai started a cyber fraud investigation, freezing related vouchers.
The breach occurred late Saturday night when users found they could get a free 100 yuan ($14.75) voucher that could be applied to any item on the platform. Within hours, a large number of vouchers were redeemed, some of which were used to prepay phone bills and other virtual services, the company said.
Rumors soon circulated on social media that Pinduoduo could have lost 20 billion yuan ($2.95 billion) from the scheme. But the company denied that speculation and put its actual loss at less than 10 million yuan ($1.48 million).
The breach raised questions about the risk controls of the three-year-old e-commerce platform. The company denied any systemic security loopholes, saying that criminals exploited a loophole in the platform’s operating rules. It didn’t specify what the loophole was.
Based on currently available information, Pinduoduo’s multiple operating sections seem to have problems, said Fu Liang, an independent technology analyst. When a well-above-average number of orders flooded the system in the middle of the night, it should have triggered an alarm, Fu said.
In another statement Monday morning, Pinduoduo said the incident took place during the pre-Chinese New Year sales season, when a large number of coupons are normally issued and used.
E-commerce platforms should run fault tolerance tests when designing promotional programs to ensure the discounts actually benefit their target consumers, Fu said. Pinduoduo is too young and doesn’t have enough operating experience to prevent such breaches, Fu said.
The voucher was designed exclusively for a dating show, meaning it was never supposed to be available to broader users. However, hackers spread an illegally obtained QR code for the voucher on social media to lure more general users to exploit it, the company said.
Once exploiters redeem the vouchers and use them to buy virtual coins, they can resell their virtual coins and pocket the profits within minutes, Fu said, making it hard for Pinduoduo to trace down the originators.
Pinduoduo said the platform won’t hold general consumers involved accountable for the incident, but it didn’t say how it would deal with the redeemed vouchers.
Pinduoduo mainly sells cheaper generic products, from toilet paper to fruits, mainly to lower-income shoppers in smaller cities. It allows users to group together to get better discounts.
The fast-growing company made a strong debut on the Nasdaq last July, following a $1.63 billion initial public offering that was one of the biggest flotations by a Chinese company in the U.S. in 2018. But the stock has gone on a choppy ride amid reports that it was selling counterfeit goods.
The company reported its net loss widened five-fold to 1.1 billion yuan in the third quarter.
Pinduoduo’s Nasdaq-traded stock dodged an immediate hit Monday because the U.S. stock market is closed in observance of Martin Luther King Jr. Day. The stock closed at $24.99 last Friday, up 31.5% from the IPO price.
Apr 03 18:41
Apr 03 16:11
Apr 03 13:37
Apr 03 10:13
Apr 02 18:19
Apr 02 15:27
Apr 02 14:02
Apr 02 13:46
Apr 02 09:22
Apr 01 16:00
Apr 01 15:51
Apr 01 13:31
Apr 01 10:40
Apr 01 03:10
Apr 01 03:06
- 1China for First Time Reveals Its Number of Asymptomatic Coronavirus Cases
- 2Wuhan Will Suffer Long After Virus is Gone, ‘Battlefield’ Diarist Says
- 3China’s Asymptomatic Coronavirus Case Numbers Don’t Tell the Whole Story
- 4Huawei and ZTE Win Contracts to Build 200,000 5G Base Stations
- 5Wuhan’s Covid-19 Crisis Is Easing. Its Mental Health Issues Are Just Beginning
- 1Power To The People: Pintec Serves A Booming Consumer Class
- 2Largest hotel group in Europe accepts UnionPay
- 3UnionPay mobile QuickPass debuts in Hong Kong
- 4UnionPay International launches premium catering privilege U Dining Collection
- 5UnionPay International’s U Plan has covered over 1600 stores overseas