JERUSALEM – Israeli security researchers say that personal information of millions of Alibaba users may have been exposed through flaws on the e-commerce giant's platform.
AppSec Labs says a pair of weaknesses it discovered in the Chinese e-commerce site's code could have allowed hackers to hijack merchant accounts.
"If I want to buy a $600 phone, I can change the price to a dollar and buy it," said AppSec founder Erez Metula. "I can see what people have bought, I can change the shipping address so things can be sent to me instead."
Metula said one of the flaws was discovered by a 21-year-old employee.
He says there is no indication that any user data was compromised.
Alibaba spokeswoman Molly Morgan said Tuesday that "potential vulnerabilities" flagged by AppSec had been fixed.