Israeli researchers find flaw in Alibaba site

In this April 21, 2013 photo, Jack Ma, chairman of the world's largest e-commerce group Alibaba, poses during a show at the annual Summit of China Green Companies in Kunming, in southwestern China's Yunnan province. Even before Alibaba went online, the founder talked about making the fledgling e-commerce company a global player. (AP Photo)

Israeli cybersecurity researchers say that personal information of millions of Alibaba users may have been exposed through flaws on the e-commerce giant's platform.

AppSec Labs said a weakness an employee discovered in the Chinese e-commerce site's code could have allowed hackers to hijack merchant accounts.

"If I want to buy a $600 phone, I can change the price to a dollar and buy it," AppSec founder Erez Metula said. "I can see what people have bought, I can change the shipping address so things can be sent to me instead."

Metula said one of the flaws was discovered by a 21-year-old employee, Barak Tawily. He said there was no indication that any user data was compromised.

Amitay Dan, founder of information security company Cybermoon, said he discovered another flaw that compromised Alibaba users' personal data, and that Alibaba fixed the flaw after he alerted the company.

Alibaba spokeswoman Molly Morgan said Tuesday that both "potential vulnerabilities" had been fixed. "We will do everything we can to continue to ensure a secure trading environment on our platforms," she said.

The flaws were first reported by Israel's Channel 10 TV.

Alibaba raised $25 billion in September in the New York Stock Exchange in the largest ever .

Alibaba operates such popular e-commerce platforms as Taobao and Tmall in China. Alibaba's platforms account for some 80 percent of Chinese online commerce.


© 2014 The Associated Press. All rights reserved.

Citation: Israeli researchers find flaw in Alibaba site (2014, December 9) retrieved 25 May 2022 from