Alibaba security risk

 

crime, thief, cyber crime, online crime, data, crime, stealing, robberIsraeli cybersecurity researchers say that personal information of millions of Alibaba users may have been exposed through flaws on the e-commerce giant’s platform.

AppSec Labs on Tuesday said a weakness an employee discovered in the Chinese e-commerce site’s code could have allowed hackers to hijack merchant accounts.

“If I want to buy a $US600 phone, I can change the price to a dollar and buy it,” said AppSec founder, Erez Metula, said.

“I can see what people have bought, I can change the shipping address so things can be sent to me instead.”

Metula said one of the flaws was discovered by a 21 year old employee, Barak Tawily.

He said there was no indication that any user data had been compromised.

Amitay Dan, founder of information security company, Cybermoon, said he discovered another flaw that compromised Alibaba users’ personal data, and that Alibaba fixed the flaw after he alerted the company.

Alibaba spokeswoman Molly Morgan on Tuesday said that both “potential vulnerabilities” had been fixed.

The flaws were first reported by Israel’s Channel 10 TV.

Alibaba raised $US25 billion ($A27.05 billion) in September in the New York Stock Exchange in the largest ever initial public offering.

Alibaba operates such popular e-commerce platforms as Taobao and Tmall in China. Alibaba’s platforms account for some 80 per cent of Chinese online commerce.

AP

You have 7 articles remaining. Unlock 15 free articles a month, it’s free.