Ant Group - Censors Security Research Articles After Complaint

Ant Group has censored four articles detailing Alipay's security vulnerabilities after an initial complaint was rejected. This raises concerns about censorship and user safety. Millions of users could be at risk due to undisclosed vulnerabilities. It's crucial to stay informed about the security of your financial apps.


Original Reporting

Full Disclosure

AI Summary

CyberPings AI · Reviewed by Rohit Rana

Basically, Ant Group made four articles about Alipay's security disappear after a complaint.

What Happened

On March 15, 2026, four articles detailing security vulnerabilities in Alipay were forcibly deleted from the public WeChat account AI-security-innora. Tencent took this action at the behest of Beijing Geyun Law Firm, representing Ant Group. The firm cited China's Cybersecurity Law as the basis for its request. Just days earlier, WeChat had rejected the same complaint, finding that it did not meet the threshold for removal on grounds of reputation infringement.

The articles in question included alarming titles such as "GPS location silently exfiltrated from 1B+ users' payment app" and "Whitelist bypass as a universal attack key." This deletion raises serious questions about the balance between security research and corporate censorship.

Who's Affected

The censorship affects not only the researchers involved but also millions of Alipay users. With over a billion users, any vulnerabilities in Alipay pose a significant risk to personal data and financial security. The articles detailed 17 vulnerabilities with CVSS scores ranging from 7.4 to 9.3, indicating a serious threat level. The researchers had initially reported these vulnerabilities to Ant Group through responsible disclosure, but the company's response was to label them as “normal functionality.” This situation highlights a troubling trend where companies may suppress legitimate security research to protect their reputations, potentially leaving users vulnerable to exploitation.

What Data Was Exposed

The articles that were deleted contained critical information about vulnerabilities in Alipay, including:

  • GPS data being exfiltrated from users' devices.
  • Whitelist bypass vulnerabilities that could allow unauthorized access.
  • Other security flaws that could compromise user data and transaction security.

The deletion of this information not only hinders transparency but also prevents users from being aware of potential risks associated with the app they use for financial transactions.

What You Should Do

If you are an Alipay user, it is crucial to stay informed about the security of the applications you use. Here are a few steps you can take:

  1. Monitor updates from credible cybersecurity sources regarding Alipay.
  2. Consider using additional security measures, such as two-factor authentication.

Furthermore, advocating for transparency in security research can help ensure that vulnerabilities are addressed rather than suppressed. Engaging with organizations that track researcher threats can also provide valuable insights and support for those in the cybersecurity community.

Pro Insight

This incident underscores the ongoing tension between corporate interests and the need for transparency in cybersecurity research.
