Ant Group has successfully pressured Tencent to delete four security research articles documenting critical vulnerabilities in Alipay, despite an initial rejection of the complaint by WeChat. The censorship occurred after the researchers disclosed 17 vulnerabilities (CVSS 7.4-9.3) involving whitelist bypasses and unauthorized GPS location exfiltration. While the vendor dismissed the findings as "normal functionality," the research has been formally acknowledged by MITRE with 6 CVEs and is under review by multiple international regulatory bodies.
The escalation highlights a growing trend of legal and platform-based retaliation against security researchers. The documentation includes evidence of cease-and-desist orders and server-side blocking of proof-of-concept traffic. This case has been added to the disclose.io researcher threats database, serving as a case study on the challenges of responsible disclosure when facing corporate suppression in specific jurisdictions.
Top comments (0)