A major security flaw in an Alibaba marketplace exposed millions to hackers, according to an Israeli research firm.
AliExpress, which allows international consumers to buy goods from Chinese merchants, had a flaw that would have allowed someone to alter others' orders or access their personal and banking details, according to security firm AppSec Labs. Alibaba told the Wall Street Journal that it had fixed the problem.
"We would describe this as critical as it can affect any merchant," AppSec founder Erez Metulasaid told the Journal. "Since this is a high-profile site like Alibaba, there are lots of shops there and people using it are also connected to other systems." Credit card details, however, were not exposed by the flaw, he said.
Alibaba told the paper that the company has closed the AliExpress vulnerability, and that the company was not aware of similar security problems on its other marketplaces.