The consensus in Chinese community is while this is likely how the token got leaked, this alone isn't enough. To visit private Alibaba Cloud instance you can't just use some random IP. It's isolated from the Internet in certain way.
And we all know isolations based on network perimeter eventually falls apart, and because it encourages insecure opsec practices like this, people are going to have a big surprise when it happens.
