Sunday, December 07, 2014 Wang Wei
A critical, but easily exploitable personal information disclosure vulnerability has been discovered in the widely popular online marketplace AliExpress website that affects its millions of users worldwide.
The reported vulnerability could allow anyone to steal personal information of hundreds of millions of AliExpress users without knowing their account passwords.
AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com, which offers more than 300 Million active users from more than 200 countries and regions to order items in bulk or one at a time at low wholesale prices.
Full Article
Names, addresses and phone numbers make ripe phish food
By Darren Pauli, 9 Dec 2014
Global threads bazaar AliExpress, an offshoot of global tat bazaar AliBaba, has patched a URL flaw that allowed attackers to harvest users' personal details including names, shipping addresses and phone numbers.
The insecure direct object reference vulnerability reported by an unnamed researcher affected 7.7 million logged-in users for AliExpress, the online retail wing of AliBaba that's the most visited e-commerce site in Russia.
The researcher demonstrated the flaw to news site The Hacker News, noting that attackers could harvest personal data en masse using a script to pull the 'mailingAddress.htm' page for numbers between 1 to 99,999,999,999 under the 'mailingAddressId' value.
Full Article
by Pierluigi Paganini on December 11th, 2014
Numerous vulnerabilities in Alibaba’s eCommerce platform compromised the account details of millions of Merchants and shoppers according to Israel cyber security Experts. Alibaba has patched up the flaws and is urging its customers to update their accounts accordingly.
If you can’t afford a $600 product from an online store, why not change the price to $1? This is a typical decision customers to Alibaba’s online stores had to make on a daily basis that is, before a vulnerability discovered by Israel cyber security researchers was patched.
The security flaw allowed a malicious hacker to alter the shipping address and have purchased product delivered directly to them therefore compromising the security of millions of merchants and shoppers to the Chinese online store.
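The insecure direct object reference described in the excerpts above comes down to a missing ownership check on the `mailingAddressId` value. The following is an added sketch, not AliExpress code and not taken from the quoted articles; the in-memory store, function names and alert threshold are assumptions. It shows the flawed lookup beside one scoped to the session's account, plus a counter that flags accounts repeatedly requesting records they do not own:

```python
# Added example: every name and value here is constructed for illustration.
from collections import Counter

# Constructed sample store: mailingAddressId -> (owner account, address record)
ADDRESSES = {
    1001: ("alice", {"name": "Alice A.", "phone": "555-0100"}),
    1002: ("bob", {"name": "Bob B.", "phone": "555-0101"}),
    1003: ("carol", {"name": "Carol C.", "phone": "555-0102"}),
}

denied = Counter()   # per-account count of requests for records not owned
ALERT_THRESHOLD = 3  # assumed value; tune against real traffic


def get_address_vulnerable(session_user, mailing_address_id):
    """Flawed pattern: being logged in is enough; the ID alone selects the record."""
    entry = ADDRESSES.get(mailing_address_id)
    return entry[1] if entry else None


def get_address_hardened(session_user, mailing_address_id):
    """Return the record only when it belongs to the session's account.

    Missing IDs and IDs owned by someone else get the same answer, so the
    response does not reveal which IDs exist.
    """
    entry = ADDRESSES.get(mailing_address_id)
    if entry is None or entry[0] != session_user:
        denied[session_user] += 1  # feed for monitoring
        return None
    return entry[1]


def enumeration_suspects():
    """Accounts whose denied lookups reached the alert threshold."""
    return sorted(user for user, n in denied.items() if n >= ALERT_THRESHOLD)
```
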