Baidu’s Fintech Unit Accused of Security Failings Following Misappropriation of Accounts
Internet giant Baidu has come under fire following allegations that its financial services unit is vulnerable to serious security breaches which permit the misappropriation of people’s accounts.
Investor Journal Weekly reports that Du Xiaoman Financial (formerly Baidu Financial Services Group) has been accused of failing to prevent the misappropriation of Baidu Wallet accounts for the purpose of fraudulent borrowing, in a development which could leave victims with permanent blemishes on their credit records.
According to the report one victim who goes by the name Wang Da (王达) received an alert from his Baidu Wallet at the start of the year demanding the payment of 1201.37 yuan, despite Wang never having made use of the service.
Wang Da subsequently downloaded the Baidu Wallet app to clarify the situation, only to discover that his account information had been misappropriated by another individual.
“The Baidu account number and mobile phone number that I had used for seven or eight years had undergone real name verification by someone I don’t know and linked to her bank account, as well as used to repay funds borrowed for an EF Education First course,” said Wang
The “real name verification page” for Wang’s Baidu Wallet showed the full name of a Zhao Xiaoyue (赵晓月), and indicated that the wallet had been linked to her China Merchants Bank savings account.
While the real name and account number belonged to Zhao, the mobile phone number and email linked to the account both belonged to Wang Da.
Wang’s Baidu Wallet page further indicated that the person going by the name of Zhao Xiaoyue had used Baidu Umoney (百度有钱花) to automatically make six repayments that were each worth a total of 1210.37 yuan.
By the time that Wang received the automatic message from Baidu Wallet, Zhao Xiaoyue still owed a total of 14,524.56 yuan.
When Wang filed a complaint with Baidu Umoney, a customer services representative told him that the only way for him to resolve the problem would be to abandon the account number, since real name information was the highest level of verification.
“I’ve said to Baidu’s customer services on multiple occasions that this is a very big security hazard, yet they don’t seem to care.”
Investor Journal Weekly claims that this is not an isolated incident, with other Baidu users succumbing to similar forms of fraud involving Baidu Umoney.
Reports of incidents such as Wang’s could leave a dent in the reputation of Du Xiaoman Financial, the Baidu financial services unit that was formerly known as Baidu FSG prior to its spin off in April of this year.
Baidu sold off a majority stake in Du Xiaoman to a consortium that included TPG Capital Management LP, Carlyle Group, Taikang Group and ABC International Holdings, in order to raise more than USD$1.9 billion.
Baidu FSG was launched in 2015, and ran the Baidu Wallet payments platform as well as an online credit service and online wealth management platform. As of the end of 2017 Baidu FSG’s loan balance was 28 billion yuan.
Du Xiaoman Financial focuses in particular upon fintech applications involving artificial intelligence, while also vying against Alibaba’s Ant Financial and Tencent’s WeChat Pay in the mobile payments arena.