South China Morning Post
Advertisement
Advertisement
Cybersecurity
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Users of food delivery services grew 135 million in a year, according to a CNNIC report. (Picture: AFP)
AbacusTech

Report: data from users of popular food delivery apps stolen and sold online in China

Names, phone numbers and addresses listed for as little as 1 US cent apiece

Cybersecurity
Xinmei Shen
Xinmei Shen
Why you can trust SCMP
This article originally appeared on ABACUS

Order a meal online in China, and strangers can get hold of your name, phone number and address.

That’s according to an investigation by a Beijing newspaper, detailing how user information was stolen from some of China’s biggest food delivery platforms, including Meituan and Ele.me.

The Beijing News spoke to a black market vendor who was selling personal data at 800 yuan (US$125) for every 10,000 profiles. The information includes name, gender, phone number and address of users from recent food orders. 
Users’ personal information is sold online for just a little more than 1 US cent apiece. (Picture: The Beijing News)

So how did the information got stolen? Turns out, they were leaked by delivery drivers, as well as operators that run takeaway services for restaurants.

Marketing firms and cold callers made up the majority of data buyers, who communicated through online chat groups.  

Food delivery apps are hugely popular in China. More than 343 million users across most Chinese cities have grown accustomed to these fast and cheap services -- that's roughly one in every four people in the country. 

Meituan and Ele.me say that they have notified the police and are working to improve the security of their platforms.

Users of food delivery services grew 135 million in a year, according to a CNNIC report. (Picture: AFP)

Still, the case triggered an outcry among Chinese internet users, who are becoming increasingly worried about online privacy. Many say they've been kept in the dark on how tech companies are using their personal data.

Recently, a think tank in Beijing found that some internet lenders did not include privacy agreements in their apps -- and often asked to access information that's unnecessary for operating their services.
And last year, Huawei reportedly gleaned information from WeChat messages to provide restaurant recommendations for users of its Honor Magic smartphones. The move was blasted by WeChat provider Tencent, which itself was accused of snooping on chats.

The government has been taking actions to tackle growing concerns.

In January, regulators slammed Baidu, Alibaba and news aggregator giant Bytedance over what they called weak data protection policies. Companies were warned they could face severe punishment for future violations. 

(Abacus is a unit of the South China Morning Post, which is owned by Alibaba.)

For more insights into China tech, sign up for our tech newsletters, subscribe to our Inside China Tech podcast, and download the comprehensive 2019 China Internet Report. Also roam China Tech City, an award-winning interactive digital map at our sister site Abacus.

Post