AppSec Labs, an Israeli application security firm, has found a security flaw in Alibaba. The personal information of millions of Alibaba users was put at risk, the company says.
The weakness was found in the Chinese e-commerce site’s code. AppSec founder Erez Metula explained the implications of the flaw to AP, saying, “If I want to buy a $600 phone, I can change the price to a dollar and buy it. I can see what people have bought, I can change the shipping address so things can be sent to me instead.”
Barak Tawily, a 21-year-old AppSec employee, uncovered one of the problems.
AppSec informed Alibaba of the problem but did not get an immediate response in spite of the gravity of the situation. “I think maybe it had something to do with the language barrier,” Metula said. “We don’t understand Chinese, and maybe they didn’t understand our email, which was in English.”
Alibaba released an email statement declaring, “We are aware of the issue and took immediate steps to assess and remedy the situation. We have already closed the potential vulnerability and we will continue to closely monitor the situation. The security and privacy of our customers is our highest priority and we will do everything we can to continue to ensure a secure trading environment on our platforms.”
AppSec Labs says its mission is to raise awareness in the software development world of the importance of integrating software security across the development lifecycle.