Alibaba’s Chinese shopping operation Taobao has suffered a data breach of over a billion data points including usernames and mobile phone numbers. The info was lifted from the site by a crawler developed by an affiliate marketer.

Chinese outlet 163.com reported the case. A developer created a crawler that was able to reach beneath information available to the human eye on Taobao, and that the crawler operated for several months before Alibaba noticed the effort.

163.com suggests the source of the crawler was a company that makes money from affiliate referrals to Taobao, and that the site was scraped from November 2019 until Alibaba noticed the activity in July 2020. Alibaba notified authorities, an investigation commenced, and the matter landed in the People’s Court of Suiyang District which in May convicted a developer and his employer of lifting the data.

News of the scraping incident comes as China increasingly seeks to rein in its web giants, to prevent them from gaining excess market power and to ensure they don’t collect more data than is needed for their everyday activities.

Alibaba has reportedly fessed up to messing up a rather different approach to that displayed by Facebook when news of over 500 million scraped customer records re-emerged in April 2021 and The Social Network suggested users should revisit their privacy settings to stop scrapers.