Data leakage of Polish AliExpress customers – potentially several hundred thousand people

aliexpress leaking Poland

Big problem.

Every month, an increasing number of Poles use AliExpress. Shopping in China is convenient, cheap, and the product offer of a popular website is colossal. In the event of any data leakage, potentially millions of people may suffer. This time thousands of Poles are injured. informs that via the website PostalNinja, enabling tracking of shipments, it was easy for some time read customer service data. Parcel tracking numbers from AliExpress are very similar and are in the range PL00000001XXXX – PL0000008XXXXXX. By entering "randomly" at different package numbers, one could get to know the sensitive data of the ordering party.

Among the data that appeared on the network could be read the name of the recipient, his address, as well as the weight of the package. Of course, anyone could also access the route of the shipment.

aliexpress leak

Theoretically, you could read information on even 800,000 packages from AliExpress. In practice, this number may have been slightly smaller, which does not change the fact that it was very large. These are only shipments sent via SinoAir between October and December 2019. The hot pre-Christmas period certainly prompted many Poles to shop.

Postal Ninja has already deleted data from the network, and basically censored them. Currently, after entering the package number, you can only see the first three letters of the consumer's name and the rest of the information has disappeared. In theory, you can know the package contents by your order number. In theory.

It is not known if the data has been copied and placed elsewhere in the network.

Source: Zaufanatrzeciastrona