Seller Settlement Account Information Hacked in October Last Year
Settlement Account Details Altered, Causing 8.6 Billion Won Payment Delay
Aliexpress: "All Settlement Funds Fully Paid... Additional Compensation Provided"
It has been confirmed that seller information was hacked on the Chinese e-commerce platform Aliexpress in October last year, resulting in the delay of settlement payments amounting to billions of won.
According to the "Aliexpress Incident Report" received by Assemblywoman Lee Haemin of the National Assembly's Science, ICT, Broadcasting, and Communications Committee from the Korea Internet & Security Agency on the 20th, Aliexpress detected the possibility of unauthorized access by a hacker to its seller online portal, which is hosted in Singapore, on October 16 last year. This seller portal allows sellers to log in and view their business account information.
On October 24 of the same month, Aliexpress conducted an internal investigation and confirmed evidence of unauthorized third-party access to 107 accounts within the Seller Center. Of these, settlement account information for 83 sellers was illegally altered, resulting in delayed payment of settlement funds.
The total amount of unpaid settlement funds reached 6 million US dollars (approximately 8.6 billion won).
However, according to the company, there was no access to or leakage of customer personal data or consumer information.
It is reported that the hacker registered their own settlement account with the intention of intercepting platform settlement funds. The hacker appears to have exploited a vulnerability in the one-time password (OTP) process used for portal account password recovery to carry out the attack.
After confirming the facts, Aliexpress Korea modified the OTP system exploited by the hacker and activated additional re-verification procedures for settlement account information to prevent recurrence.
The full settlement funds for affected sellers were paid out by the 20th of the same month. Regarding interest losses due to payment delays, additional compensation equivalent to twice the applicable interest rate was paid on the 27th of the same month.
Meanwhile, Aliexpress Korea submitted an application for Information Security Management System (ISMS) certification as a voluntary applicant in June last year. The on-site inspection has already been completed, and a review report will soon be submitted to the Korea Internet & Security Agency (KISA) Certification Committee.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Parisians Cooking Pork Ribs... Korean Skincare Before Bed [K-Wave 3.0] ②](https://cwcontent.asiae.co.kr/asiaresize/319/2026010516081279267_1767596893.jpg)
