Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Info on millions of AliExpress customers could have been harvested due to site flaw

Info on millions of AliExpress customers could have been harvested due to site flaw

2014/12/09

Help Net Security - (International) A security researcher identified and reported a flaw in the AliExpress online marketplace that could have allowed a logged-in user to exploit an insecure direct object reference vulnerability to view other users' names, addresses, and phone numbers. Alibaba, parent company of AliExpress, closed the vulnerability after the researcher's report.

Source: http://www.net-security.org/secworld.php?id=17741

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:22:43