(Chinese Version)

On August, 2nd, a Chinese Weibo user posted a Weibo post and revealed that his Baidu Cloud account, strangely, seemed to become others’.

"Almost overnight, my Baidu Cloud was surprisingly filled with porn videos, while my own files were all gone."

For some Weibo users, the “surprise” became something to make fun of, and some Weibo user even asked, jokingly, why they weren’t lucky enough to encounter such thing.

However, if I tell you that the “surprise” was actually caused by internet underground market gangs who was known for stealing data and committing cybercrime, will you still make fun of it?

After some research, we find that stealing user accounts is quite common in the Chinese internet underground market, and Baidu Cloud accounts that are filled with porn videos were sold openly by some shop owners on Taobao.

Filled with porn videos overnight?

“It turns out that I’m not the only one who’s account was stolen…” some user commented under the Weibo post mentioned above. According to Kiki, a Weibo user from Hebei province, his Baidu Cloud account was filled with ten folders of porn videos in the end of July, while his own files were moved into the Junk folder.

“I seldom logged onto my Baidu Cloud account, at most once or twice a week,” Kiki said. He found that his account was stolen when Baidu reminded him that his account was logged in remotely.

However, his account was again logged in by somebody whose IP address was Wuhu Hefei of Anhui province at 10:00 PM that night and 02:00AM the next morning. “I guess they must upload these videos during this period of time,” he speculated.

However, Kiki has never been in Anhui province. After the remote login, eight new folders were added to his Baidu Cloud account, each of them was filled with porn videos. There were altogether over a couple hundred porn videos. At the same time, his own files could not be found anywhere.

To get back his own files, Kiki contacted with Baidu Cloud’s customer service center and deleted these videos immediately.

Yet, three days after he issued the complaint, his Baidu Cloud account was banned. “I’m the victim, but why should Baidu punish me?” Kiki didn’t know exactly what happened to his account.

As a matter of fact, a greater number of people have encountered such “surprise” before as we went through comments on Weibo and Zhihu. The common feature of all the victim is that their account was filled with porn videos until they got the Remote Login notice from Baidu, that all their accounts name and passwords were their email addresses and phone numbers, and that they’ve used the similar combination of account names and passwords on other internet platforms.

Thus, they don’t know exactly which of their accounts were stolen at the very beginning.

20 yuan per account?

However, they never expect that their stolen accounts were possibly sold on e-commerce platforms.

Baidu Cloud accounts that are filled with porn videos are sold at very low price on Taobao and other e-commerce platforms

After our research, we find that around ten shop owners were selling these stolen accounts on Taobao and in QQ Groups, and these accounts are commonly filled with porn videos.

Based on a piece of ad posted by one shop owners, the price of Baidu Cloud accounts with 4,000 porn videos is 25 yuan, while the price of accounts filled with 6,000 porn videos is 50 yuan (updated on a monthly basis). Moreover, the price of accounts with 15,000 porn videos is 88 yuan (updated on a regular basis), while the price of accounts with 20,000 porn videos is 100 yuan (updated every day).

In addition, the price of different types of Baidu Cloud accounts also differs. For example, some shop owners sell one-time Baidu Cloud account for 1.99 yuan, and these accounts will become invalid automatically 24 hours after being sold.

As far as we’ve discovered, these shop owners steal Baidu Cloud accounts with the help of “Scan Account” software. They can steal an account as fast as every ten seconds, and then fill these accounts with porn videos. The average used storage of these accounts is around 1,000G.

Scan Account software is to be blame

In fact, “Scan Account” software, commonly developed by some hackers, is quite popular in the internet underground market. These kinds of software can steal accounts registered with simple combination of emails and phone numbers. The price of such software is 10 yuan for a week’s service, 28 yuan for a month’ service, while the price of lifetime VIP service is 999 yuan.

“Generally, accounts stolen by such software are seldom used,” a shop owner who sells Baidu Cloud accounts told Vittimes, “The software can tell if an account is frequently or not and steal only those not frequently used.”.

Even though, there is possibility that some accounts are still used (2%). So when they find out that their accounts are stolen and filled with porn videos, they would issue complaint to Baidu and delete the porn videos.

However, it is easier to get away from Baidu Cloud’s detection when stealing these accounts, with simple combination of emails and phone numbers, compared to common registered accounts. “Recently, Baidu tightened its detection and an increasing number of these stolen accounts were banned,” a shop owner told Vittimes, “That’s why some shop owners begin to sell one-time accounts that become invalid automatically 24 hours after being sold.”

As a matter of fact, Baidu Cloud accounts are never the sole target of these Scan Account software. Weibo Cloud, Momo and Taobao accounts are also some of the common targets. After all, if users use the same combination of emails and phone numbers for different internet platforms, then it’s no difficult thing for these software to steal their accounts on other platforms.

Considering such theft possibility, Baidu Cloud’s official response is: Highly recommend users linking Baidu Cloud account with their phone numbers, so that you can change your password in time after being reminded of possible theft behavior such as remote login, changing passwords into more complicated ones, checking Junk Folder in time to see if any file is deleted by mistake, and restoring them before being permanently deleted.

…………………………………………………………………………………………………

（Like our Facebook page and follow us now on Twitter @tmtpostenglish, Medium @TMTpost, Instagram @tmtpost_english and Apple News @TMTpost）

[The article is published and edited with authorization from the author @vittimes, please note source and hyperlink when reproduce.]

Translated by Levin Feng (Senior Translator at PAGE TO PAGE), working for TMTpost.