CP
cyberpings
RegulationHIGH

Ant Group - Censors Security Research Articles After Complaint

FDFull Disclosure
Ant GroupAlipayCybersecurity LawTencentCensorship
🎯

Basically, Ant Group made four articles about Alipay's security disappear after a complaint.

Quick Summary

Ant Group has censored four articles detailing Alipay's security vulnerabilities after an initial complaint was rejected. This raises concerns about censorship and user safety. Millions of users could be at risk due to undisclosed vulnerabilities. It's crucial to stay informed about the security of your financial apps.

What Happened

On March 15, 2026, a significant incident unfolded when four articles detailing security vulnerabilities in Alipay were forcibly deleted from the public WeChat account AI-security-innora. This action was taken by Tencent at the behest of Beijing Geyun Law Firm, representing Ant Group. The firm cited China's Cybersecurity Law as the basis for their request. Interestingly, this same complaint had been rejected just days prior by WeChat, which deemed it did not meet the threshold for removal due to reputation infringement.

The articles in question included alarming titles such as "GPS location silently exfiltrated from 1B+ users' payment app" and "Whitelist bypass as a universal attack key." This deletion raises serious questions about the balance between security research and corporate censorship.

Who's Affected

The censorship affects not only the researchers involved but also millions of Alipay users. With over a billion users, any vulnerabilities in Alipay pose a significant risk to personal data and financial security. The articles detailed 17 vulnerabilities with a CVSS score ranging from 7.4 to 9.3, indicating a serious threat level. The researchers had initially reported these vulnerabilities to Ant Group through responsible disclosure, but the company's response was to label them as “normal functionality.”

This situation highlights a troubling trend where companies may suppress legitimate security research to protect their reputations, potentially leaving users vulnerable to exploitation.

What Data Was Exposed

The articles that were deleted contained critical information about vulnerabilities in Alipay, including:

  • GPS data being exfiltrated from users' devices.
  • Whitelist bypass vulnerabilities that could allow unauthorized access.
  • Other security flaws that could compromise user data and transaction security.

The deletion of this information not only hinders transparency but also prevents users from being aware of potential risks associated with the app they use for financial transactions.

What You Should Do

If you are an Alipay user, it is crucial to stay informed about the security of the applications you use. Here are a few steps you can take:

  • Monitor updates from credible cybersecurity sources regarding Alipay.
  • Consider using additional security measures, such as two-factor authentication.
  • Be cautious of any unusual activity on your account and report it immediately.

Furthermore, advocating for transparency in security research can help ensure that vulnerabilities are addressed rather than suppressed. Engaging with organizations that track researcher threats can also provide valuable insights and support for those in the cybersecurity community.

🔒 Pro insight: This incident underscores the ongoing tension between corporate interests and the need for transparency in cybersecurity research.

Original article from

Full Disclosure

Read Full Article

Share

Related Pings

MEDIUMRegulation

CMS Expands Digital Identity Options for Beneficiaries

CMS is enhancing security for Medicare beneficiaries with new digital identity options. Users can now verify their identity through ID.me, CLEAR, or Login.gov. This change aims to protect sensitive information and reduce fraud risks. Stay informed about these important updates!

SC Media·
MEDIUMRegulation

Regulation - Bipartisan Bill Upgrades Cyber Tech for Water Utilities

A new bipartisan bill aims to enhance cybersecurity in rural water utilities. The FLOWS Act provides $50 million annually for upgrades, improving safety and efficiency. This funding is crucial for under-resourced communities.

SC Media·
HIGHRegulation

Cloudflare Appeals €14M Fine Over Italy's Piracy Shield

Cloudflare is challenging a €14 million fine from Italy over the Piracy Shield. This controversial regulation threatens internet transparency and user rights. Stay tuned as Cloudflare fights back against excessive penalties and advocates for a fairer internet.

Cloudflare Blog·
HIGHRegulation

White House Cybersecurity - New Executive Order Explained

The White House has launched a new executive order focusing on email security to combat cybercrime. This initiative aims to enhance protections against phishing and fraud. By adopting AI-driven strategies, the government seeks to strengthen national security and improve defenses across federal agencies.

SC Media·
HIGHRegulation

Cybercrime - U.S. Executive Order Recognizes Organized Crime

The U.S. government has officially declared cyber-enabled fraud as organized crime. This shift calls for a united front from both government and private sectors. The stakes are high as cybercrime threatens economic stability and national security. Action is needed to dismantle the infrastructure supporting these criminal operations.

CyberScoop·
HIGHRegulation

Certificate Lifespans Shrinking - Organizations Unprepared

TLS certificate lifespans are being reduced significantly, pushing organizations to adapt quickly. Many are unprepared for the upcoming changes, risking operational disruptions. Immediate action is crucial to avoid potential issues and ensure compliance.

Help Net Security·