Flaw in Alibaba’s international e-commerce site put merchants at risk

An Israeli security firm has found a security flaw in Alibaba Group’s international marketplace that could have wreaked havoc for the scores of merchants on the site.

AliExpress is a growing English language e-commerce site from the Chinese company that serves various foreign markets including the U.S., Russia and Brazil. But in late October, a researcher from security firm AppSec Labs found a vulnerability that could allow an attacker to hijack a merchant’s account.

The flaw would have let an attacker alter product prices, delete goods, and even close the merchant’s shop on the site, said AppSec founder Erez Metula on Wednesday in an interview. “They could change the price from a couple hundred dollars to one dollar, and so the bad guy could buy the product cheap,” he added.

To read this article in full or to leave a comment, please click here