[DigitalToday reporter Seulgi Son (손슬기)] Chinese e-commerce platform AliExpress (Ali) was later found to have been robbed of about 8.6 billion won in settlement funds in a large-scale hacking incident that occurred in October last year. It denies allegations that it submitted false information to relevant authorities during the process of dealing with the incident.

According to the office of Lee Hae-min (이해민), a lawmaker from the Innovation Party affiliated with the National Assembly’s Science, ICT, Broadcasting and Communications Committee, the hacking occurred on Ali’s seller portal from Oct. 16 to 23 last year. The hacker exploited a vulnerability in the OTP process used for password recovery and gained unauthorized access to 107 seller accounts. The hacker changed the settlement accounts of 83 of them into accounts in their own name and stole a total of $6 million, or about 8.6 billion won.

AliExpress Korea said it detected unauthorized access through internal monitoring in October last year and immediately blocked it. It said there was no leakage of customer personal information or consumer information at all.

It also stressed a compensation plan as part of responsible management. Ali said it paid the full settlement amounts by Oct. 20 to sellers who suffered damage from delayed settlements. It said it additionally compensated twice the applicable interest rate for delayed interest to ensure there was no real financial loss. It said it has now completed strengthening two-factor authentication and upgrading its security monitoring system.

Despite financial compensation, there is controversy over administrative procedures. Ali marked "yes" for whether it reported the case to police on a Korea Internet & Security Agency (KISA) report, but it was confirmed there was no report to an investigative agency. Ali said it judged that a police report was not mandatory.

Gmarket, which established a joint venture with Ali, said its data management system is completely separate and is unrelated to the incident.