Israeli cybersecurity researchers say that personal information of millions of Alibaba users may have been exposed through flaws on the e-commerce giant’s platform.
AppSec Labs said a weakness an employee discovered in the Chinese e-commerce site’s code could have allowed hackers to hijack merchant accounts.
“If I want to buy a $600 phone, I can change the price to a dollar and buy it,” said AppSec founder Erez Metula. “I can see what people have bought, I can change the shipping address so things can be sent to me instead.”
Metula said one of the flaws was discovered by a 21-year-old employee, Barak Tawily. He said there was no indication that any user data was compromised.
Amitay Dan, founder of information-security company Cybermoon, said he discovered another flaw that compromised Alibaba users’ personal data, and that Alibaba fixed the flaw after he alerted the company.
Alibaba spokeswoman Molly Morgan said Tuesday that both “potential vulnerabilities” had been fixed. “We will do everything we can to continue to ensure a secure trading environment on our platforms,” she said.
The flaws were first reported by Israel’s Channel 10.
Alibaba raised $25 billion in September in the New York Stock Exchange in the largest ever initial public offering.
Alibaba operates such popular e-commerce platforms as Taobao and Tmall in China. Alibaba’s platforms account for some 80 percent of Chinese online commerce.