Alibaba, the $US25 billion ($A27.05 billion) Chinese internet and ecommerce super portal that broke all records when it floated on the New York stock exchange earlier this year, looks to have embarrassing chinks in its armour.
Israeli cybersecurity researchers say that personal information of millions of Alibaba users may have been exposed through flaws on the e-commerce giant’s platform.
AppSec Labs say a weakness an employee discovered in the Chinese e-commerce site’s code could have allowed hackers to hijack merchant accounts.
“If I want to buy a $US600 phone, I can change the price to a dollar and buy it,” AppSec founder Erez Metula said. “I can see what people have bought, I can change the shipping address so things can be sent to me instead.”
Metula said one of the flaws was discovered by a 21-year-old employee, Barak Tawily. He said there was no indication that any user data had been compromised.
Amitay Dan, founder of information security company Cybermoon, said he discovered another flaw that compromised Alibaba users’ personal data, and that Alibaba fixed the flaw after he alerted the company.
Alibaba spokeswoman Molly Morgan on Tuesday said that both “potential vulnerabilities” had been fixed.
The flaws were first reported by Israel’s Channel 10 TV.
Alibaba operates such popular e-commerce platforms as Taobao and Tmall in China. Alibaba’s platforms account for some 80 per cent of Chinese online commerce.