Neither here nor there....
Lovely! Then again...Russian e-commerce site...
Global threads bazaar AliExpress, an offshoot of global tat bazaar AliBaba, has patched a URL flaw that allowed attackers to harvest users' personal details including names, shipping addresses and phone numbers. The insecure direct object reference vulnerability reported by an unnamed researcher affected 7.7 million logged-in …
I'm pretty sure it's chinese... not that it is limited to any country...
I've seen a similar issue on Santander's online banking. Enter a sort code and account number for a standing order and it automatically filled in their account name for you! They fixed that one very quickly.
Tried to use the sister site Alibaba to order some computers. I was soon getting mails from people purporting to be the original supplier offering increasingly lower prices.
I was a bit suspicous and checked with the factory Global sales manager, who told me the mails were bullshit, because they don't do electronics, just clothing and textiles. Nice
Beware.
I've used the site to get some very good buys. Yes, I get quite a few e-mails from them, but I don't look at that kind of stuff beyond to see where it's from. Anyway, AliExpress is a good place in my experience. They're part of Alibaba Group Holding Limited which, for those that don't shop on-line or get out much, is a Chinese company and very large by our western standards.
AliExpress is most definitely Chinese. I use them to get repair parts for a variety of gear, replacement tablet screens being the latest. Pretty damn nice people (or ruthless managers, both?) making sure that I'm satisfied with the transaction at the end of the day. Way cheaper than sending the devices off to be repaired if you're up for this kind of thing. No customs, no shipping, no tax. For me (US, California), what's not to like?
I've not used AliExpress myself... but I have ordered a few very cheap things through Amazon resellers that have actually been shipped direct from China. Should I worry that perhaps these resellers just re-enter my shipping details (and potentially payment) on another site?