Researchers Find Security Holes On Alibaba’s Marketplace

A security hole in Alibaba’s international marketplace AliExpress could have let attackers hijack merchants’ online shops, an Israeli security research company said Wednesday (Dec. 10). Alibaba said it has now fixed the problem, Reuters reported.

AppSec Labs researchers said the weakness they found could allow attackers to change prices, alter shipment details and shut down an AliExpress shop, according to AppSec founder Erez Metula. Attackers could also see shoppers’ shipping addresses and details about when and where orders were placed. “We would describe this as critical as it can affect any merchant,” Metula said.

However, payment-card details were not exposed by the flaw, he said.

Metula said his company had been trying to notify Alibaba about the problem since October, but that the company was difficult to reach. Alibaba said the company acted quickly once “the appropriate teams were made aware of the issue,” and has closed the security hole. The Chinese ecommerce giant also said that, to the company’s knowledge, no user data was exposed and it hasn’t received reports or complaints from merchants or users that could have been related to these security flaws and none of its sites besides AliExpress were affected by the flaw.

But Alibaba also did not directly respond to questions about how long the problems existed or whether anyone had exploited the vulnerabilities before they were fixed.


Latest Insights: 

The Which Apps Do They Want Study analyzes survey data collected from 1,045 American consumers to learn how they use merchant apps to enhance in-store shopping experiences, and their interest in downloading more in the future. Our research covered consumers’ usage of in-app features like loyalty and rewards offerings and in-store navigation, helping to assess how merchants can design apps to distinguish themselves from competitors.

Click to comment


To Top