Alipay, an online payment and financial management service offered by Chinese e-commerce giant Alibaba, says it has improved its security control levels, shortly after netizens exposed a major login security risk.
According to news outlet ifeng.com, when Alipay users try to retrieve their forgotten passwords, one scenario is that they will be led to a series of identity verification questions, which ask them to identify photos of their friends, recently purchased items or to provide their real names and ID numbers.
Some argue that people with knowledge of such information could easily break into other users' accounts. The reporters for ifeng.com claim that they have been able to access two Alipay accounts that do not belong to them by answering these questions correctly.
In response, Alipay says the above scenario would only occur under very limited circumstances and that even if the login passcodes are retrieved, the users would not be able to gain access to the passcodes required for making actual financial transactions through Alipay.
Alipay also says it has upgraded its security settings for retrieving login passwords, which now can only be done through the users' own mobile devices.