FB Pixel no scriptAfter USD 533 million antitrust fine, Meituan faces public criticism for alleged account security flaw | KrASIA

After USD 533 million antitrust fine, Meituan faces public criticism for alleged account security flaw

Written by Mengyuan Ge Published on   2 mins read

A loophole makes it possible for malicious actors to take over accounts on Meituan and Dianping.

Meituan is in the crosshairs of one of the most outspoken voices on Chinese social media, opening up a wave of criticism against the platform from the general public. Wang Sicong, the son of tycoon and real estate conglomerate Wanda’s founder Wang Jianlin, took to Weibo on Sunday to rebuke the company after he lost control of his account on Dianping, a restaurant reviews platform that is operated by Meituan.

The complaint raised public concern over the security measures of Meituan and its affiliated apps. This is a matter of prime importance to Chinese consumers as Dianping is part of Meituan’s collection of consumer apps. When user information is modified on Dianping, account information in other apps, like Meituan’s flagship food delivery platform, syncs up and is changed too.

Wang posted a screenshot that suggests he was forced to log out of Dianping after the phone number associated with his account was altered. He said he did not initiate the change.

A few hours later, Dianping replied to Wang’s post on Weibo, saying that his account has been frozen and that the matter is being investigated.

There is precedent in users losing control of their accounts on Meituan and Dianping. A Weibo blogger named XuanyuxuanSir said that Meituan’s app has a major security loophole that makes accounts on the platform vulnerable to hackers. Users can change the associated phone number of an account by providing the account holder’s birth date and previous phone number.

XuanyuxuanSir posted a video where he did precisely that. The entire process took less than two minutes and he was able to access all functionalities and private information after making changes to an account.

“I just tried, the whole process went smoothly,” XuanyuxuanSir said. “Wang Sicong’s account may have been stolen this way,” he said in a Weibo post.

KrASIA attempted to replicate the process, but this function is now only available for users who have modified their account’s associated phone number in the past six months.

Meituan did not immediately reply to KrASIA’s requests for comment.

Meituan is China’s biggest on-demand local services provider. It was fined RMB 3.44 billion (USD 533 million) by China’s State Administration for Market Regulation (SAMR) on Friday for abusing its dominant market position to coerce F&B establishments into leaving rival platforms. The fine marked the end of a months-long antitrust probe into Meituan’s business operations.


Auto loading next article...