Alibaba Marketplace Vulnerability Threatens Security of a Million Users

Olivia Dehaviland | December 13th, 2014 | News

AppsSec Labs, an Israeli application security firm, has found a cross-site scripting (XSS) vulnerability in AliExpress, the Alibaba marketplace, a flaw that could have wreaked havoc for the scores of merchants on the site. According to the Israeli security researchers, Alibaba Group Holding Ltd’s online marketplace, AliExpress, has critical security flaws that can put the data of millions of merchants and shoppers at risk, a security breach that will break the records of decades.

AliExpress is a growing online marketplace owned by Chinese e-commerce giant Alibaba.com, also known as “Google in China”. The company serves more than 350 million active users from more than 200 countries, including the U.S., Russia, and Brazil, and allows international customers to purchase goods from Chinese merchants. According to security firm AppsSec Labs, the complement mode of its quoting system had a flaw that would have allowed someone to alter others’ orders or access their personal and banking details.

Using the AliExpress XSS (cross-site scripting) vulnerability, an attacker can add any malicious script payload as the value of the message parameter. When the merchant browses to the message center on the AliExpress website using his account details, the malicious script is automatically executed in the supplier’s browser.
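The flaw described above is a stored XSS: a message value is saved and later written into another user's page as markup. The following is an added illustration, not AliExpress code or code from the AppsSec Labs report; the renderer, field names and sample inbox are assumptions constructed to show the unencoded output beside the encoded one, plus response headers that limit the impact if encoding is ever missed.

```javascript
'use strict';
// Hypothetical message-center renderer (constructed for this example).

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// BEFORE: stored fields are concatenated into the page as markup,
// so any tag in the message becomes part of the merchant's page.
function renderMessageUnsafe(msg) {
  return `<li class="msg"><b>${msg.from}</b>: ${msg.message}</li>`;
}

// AFTER: every stored field is encoded at output time.
function renderMessageSafe(msg) {
  return `<li class="msg"><b>${escapeHtml(msg.from)}</b>: ${escapeHtml(msg.message)}</li>`;
}

function renderInbox(messages, renderOne) {
  return `<ul>${messages.map(renderOne).join('')}</ul>`;
}

// Defence in depth: a policy without 'unsafe-inline' stops injected
// inline scripts from running even if one renderer forgets to encode.
function messageCenterHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Simple regression check usable in a unit test for the page template.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample inbox: one ordinary message, one carrying markup.
const inbox = [
  { from: 'buyer-1', message: 'Can you ship 200 units by Friday?' },
  { from: 'buyer-2', message: '<script>alert(1)</script>' },
];

console.log('unsafe output has live script tag:', containsScriptTag(renderInbox(inbox, renderMessageUnsafe)));
console.log('safe output has live script tag:  ', containsScriptTag(renderInbox(inbox, renderMessageSafe)));
```

Encoding at output time, in the renderer, protects the page regardless of how the message reached storage.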

According to Alibaba board members: “We all are aware of the issue and took instant steps to assess and remedy the situation. We have already closed the Alibaba Marketplace Vulnerability and we will continue to thoroughly monitor the situation. The security and privacy of our customers is our highest priority and we will do everything to secure shoppers at risk.”