View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 11, 2014

Major security flaw discovered in Alibaba’s AliExpress

Credit card details were not affected by the flaw.

By CBR Staff Writer

A security flaw in AliExpress, Alibaba’s international marketplace, could expose customer data and put merchants at risk.

AppSec Labs, an Israeli application security firm, found the flaw in AliExpress which helps Chinese merchants sell their products to overseas customers.

The flaw could allow hackers to get into merchant’s online shop and tweak product prices, alter shipments or shut down the shop itself.

It also added that hackers could also expose details about product orders and shipping address, which could put customers in a vulnerable spot.

The Wall Street Journal reported Alibaba’s email statement as saying: "We are aware of the issue and took immediate steps to assess and remedy the situation."

"We have already closed the potential vulnerability and we will continue to closely monitor the situation."

"The security and privacy of our customers is our highest priority and we will do everything we can to continue to ensure a secure trading environment on our platforms."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

AppSec founder Erez Metula said that the vulnerability mostly affected merchants, with credit card details immune to the flaw.

The Chinese e-commerce giant said that it was unaware about the existence of such a problem and has not received any reports about problems that might have occurred to merchants or customers in regards to the security issue.

AliExpress, which is reportedly a small part of Alibaba’s business, earns most of its revenue from the company’s online marketplaces Taobao and Tmall.

AppSec also added that it was unaware of any issues with Tmall and Taobao as it has not investigated the websites.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.