Cybercriminals using stolen data have targeted millions of user accounts on Alibaba's popular Taobao shopping platform.
The attackers were attempting to gain access to Taobao accounts by plugging in usernames and passwords stolen from other sources. According to China's Ministry of Public Security, the attackers had access to a database with 99 million usernames. Of those, 20.59 million matched with accounts on Taobao.
Alibaba (BABA) said it "detected these criminal attempts" when the attackers were matching the data to Taobao accounts in October. It was able to block most attempts to access the accounts, and notified users to change their login information. "Alibaba takes security seriously and we do everything possible to protect our users," the company said.
An Alibaba spokesperson said the company's system "was never breached."
Police have already arrested six suspects in the case.
Related: Who the heck is Jack Ma? Meet the man who built Alibaba
Launched in 2003, Taobao -- which means "searching for treasure" -- is similar to eBay or Etsy in allowing individuals to sell directly to consumers. It's stocked with millions of products, everything from mint green high heels to toilet seat stickers and luxury pet beds.
Alibaba shares are down over 3% so far this week, and have tumbled 20% so far in 2016.