• Military
• WMD

• Intelligence Menu               

• Systems
• Operations
• Countries
• Hot Documents
• News
• Reports
• Policy
• Budget
• Congress
• Imagery
• Links

• Homeland Security
• Space

China's state security ministry warns against personal data theft by foreign espionage in online shopping

Global Times

By Global Times Published: Oct 24, 2025 03:10 PM

The Ministry of State Security (MSS) said on Friday that some online-shopping processes could be exploited by foreign intelligence agencies to steal sensitive information.

The ministry urged the public to heighten security awareness while enjoying the convenience of e-commerce, according to a post seen on the ministry's WeChat account.

The ministry pointed out that location data provided for delivery, which helps create detailed location profiles, could be exploited as a tool by foreign intelligence services for espionage activities.

Some online shopping apps and mini programs automatically mark sensitive sites and specific coordinates on delivery maps to obtain precise locations, the MSS said.

They will even conduct correlation analysis based on information such as purchase frequency, product preferences, and social connections to form user profiles of specific regions or locations, according to the report.

The ministry warned that such seemingly ordinary business data could, if stolen, become a gateway for foreign spy agencies with ulterior motives to conduct espionage, infiltration, or cyber-attacks once stolen.

The MSS also cautioned that facial-recognition payment systems may pose risks of biometric-data theft.

While vending machines allow easy purchases via QR code scanning or "face-swipe" payments, are often equipped with audio and video recording capabilities, biometric recognition modules, and technologies such as dynamic facial recognition and infrared imaging. These technologies can collect facial features of passersby and iris patterns of users, according to ministry.

Some devices, after capturing facial data, may further request users to provide personal information such as phone numbers, gender, and date of birth. If the backend information systems have security vulnerabilities, they could be hacked, leading to data breach risks.

Considering that digitalization may pose risks, the ministry urged practitioners in the electronic retail industry to clearly define the legal boundaries of data collection, refrain from excessively collecting sensitive information, and strictly prohibit the use of user data in non-essential scenarios.

The ministry also called on businesses to strengthen technical safeguards and carry out regular data security reviews to prevent data interception or the implantation of backdoor programs, the report said.

Consumers are advised to boost their privacy awareness when leasing or purchasing electronic retail products, the ministry said. They should exercise caution regarding unreasonable requests from suppliers, such as the over-collection of biometric information.