AliExpress WebSite Vulnerability Exposes Millions of Users' Private Information

  • 8 December 2014
  • 2 replies
  • 990 views

Sunday, December 07, 2014 Wang Wei
A critical, but easily exploitable personal information disclosure vulnerability has been discovered in the widely popular online marketplace AliExpress website that affects its millions of users worldwide. 
  
The reported vulnerability could allow anyone to steal personal information of hundreds of millions of AliExpress users without knowing their account passwords. 
  
AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com, which offers more than 300 Million active users from more than 200 countries and regions to order items in bulk or one at a time at low wholesale prices. Full Article 

2 replies


Names, addresses and phone numbers make ripe phish food

By Darren Pauli, 9 Dec 2014

Global threads bazaar AliExpress, an offshoot of global tat bazaar AliBaba, has patched a URL flaw that allowed attackers to harvest users' personal details including names, shipping addresses and phone numbers.

The insecure direct object reference vulnerability reported by an unnamed researcher affected 7.7 million logged-in users for AliExpress, the online retail wing of AliBaba that's the most visited e-commerce site in Russia.

The researcher demonstrated the flaw to news site The Hacker News, noting that attackers could harvest personal data en masse using a script to pull the 'mailingAddress.htm' page for numbers between 1 to 99,999,999,999 under the 'mailingAddressId' value.
Full Article
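The flaw quoted above is a textbook insecure direct object reference: a sequential `mailingAddressId` is resolved without checking who owns it. The following is an added illustration (not code from the articles or from AliExpress) of the two defensive angles a practitioner cares about, the server-side ownership check that closes the hole and a log-side check that spots a session walking through IDs. The log format, session names, user ids and the `ADDRESS_OWNER` store are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (hypothetical format, not a real AliExpress log).
# Session s1 fetches six different mailingAddressId values in a few seconds;
# session s2 re-views one address it plausibly owns.
SAMPLE_LOG = """\
2014-12-07T10:00:01Z sess=s1 user=u100 GET /mailingAddress.htm?mailingAddressId=1001 200
2014-12-07T10:00:02Z sess=s1 user=u100 GET /mailingAddress.htm?mailingAddressId=1002 200
2014-12-07T10:00:02Z sess=s1 user=u100 GET /mailingAddress.htm?mailingAddressId=1003 200
2014-12-07T10:00:03Z sess=s1 user=u100 GET /mailingAddress.htm?mailingAddressId=1004 200
2014-12-07T10:00:03Z sess=s1 user=u100 GET /mailingAddress.htm?mailingAddressId=1005 200
2014-12-07T10:00:04Z sess=s1 user=u100 GET /mailingAddress.htm?mailingAddressId=1006 200
2014-12-07T10:05:00Z sess=s2 user=u200 GET /mailingAddress.htm?mailingAddressId=2048 200
2014-12-07T10:06:00Z sess=s2 user=u200 GET /mailingAddress.htm?mailingAddressId=2048 200
"""

LINE_RE = re.compile(r"sess=(\S+) user=(\S+) GET /mailingAddress\.htm\?mailingAddressId=(\d+)")

def find_enumerating_sessions(log_text, max_distinct_ids=3):
    """Return sessions that fetched more distinct mailingAddressId values than one
    account plausibly owns. A real user re-views a handful of their own addresses;
    a scraper walks through many consecutive IDs."""
    ids_per_session = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            sess, _user, addr_id = m.groups()
            ids_per_session[sess].add(int(addr_id))
    return sorted(s for s, ids in ids_per_session.items() if len(ids) > max_distinct_ids)

# Hypothetical address store: mailingAddressId -> owning user id.
ADDRESS_OWNER = {1001: "u100", 1002: "u100", 2048: "u200"}

def load_address(requesting_user, address_id):
    """The server-side fix for an IDOR: resolve the object, then verify that the
    authenticated requester owns it before returning any of its fields.
    Returns an HTTP-style status code."""
    owner = ADDRESS_OWNER.get(address_id)
    if owner is None:
        return 404
    if owner != requesting_user:
        # Object exists but belongs to someone else: disclose nothing. Many sites
        # return 404 here as well, so the response does not confirm the id exists.
        return 403
    return 200
```

The distinct-ID threshold is deliberately low for the constructed sample; in production it would be tuned per endpoint and time window.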
by Pierluigi Paganini on December 11th, 2014

Numerous vulnerabilities in Alibaba’s eCommerce platform compromised the account details of millions of merchants and shoppers, according to Israeli cyber security experts. Alibaba has patched up the flaws and is urging its customers to update their accounts accordingly.

If you can’t afford a $600 product from an online store, why not change the price to $1? This is a typical decision customers of Alibaba’s online stores had to make on a daily basis, that is, before a vulnerability discovered by Israeli cyber security researchers was patched.

The security flaw allowed a malicious hacker to alter the shipping address and have the purchased product delivered directly to them, therefore compromising the security of millions of merchants and shoppers of the Chinese online store.