Lazada
Company Details
Linkedin ID:
lazada
Website:
Employees number:
21,422
Number of followers:
1,271,072
NAICS:
5112
Industry Type:
Homepage:
lazada.com
IP Addresses:
0
Company ID:
LAZ_9818551
Scan Status:
In-progress
Lazada Company CyberSecurity Posture
lazada.com
About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the region, Lazada is a part of our consumers’ daily lives in the region and we aim to serve 300 million shoppers by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the Alibaba Group powered by its cutting-edge technology infrastructure.
Lazada A.I CyberSecurity Scoring
Lazada Risk Score (AI oriented)Between 800 and 849
Lazada
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Lazada Global Score (TPRM)XXXX
Lazada
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Lazada Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Alibaba.com
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Chinese police arrested 21 suspects for theft of customer information from Alibaba Group Holding’s logistics affiliate Cainiao Network. More than 10 million pieces of client data was compromised. Compromised information includes user names, phone numbers and parcel tracking numbers. Barcode scanners used in its distribution stations had been infected with malware. Police investigation determined that none of the illegally obtained data had been shared with any third parties.
RedMart
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A customer database containing the private information of 1.1 million RedMart user accounts was breached, and this information was then sold on an internet forum. The data leak was confirmed by a representative for e-commerce behemoth Lazada, which also owns e-grocer Redmart. It was discovered that the stolen personal data included names, phone numbers, e-mail addresses, mailing addresses, passwords that were encrypted, and a portion of credit card numbers. Customers were also cautioned by Lazada to watch out for phishing emails, in which con artists pose as Lazada representatives and request critical information.
Lazada Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Lazada
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for Lazada in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Lazada in 2025.
Incident Types Lazada vs Software Development Industry Avg (This Year)
No incidents recorded for Lazada in 2025.
Incident History — Lazada (X = Date, Y = Severity)
Lazada cyber incidents detection timeline including parent company and subsidiaries
Lazada Company Subsidiaries
About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the region, Lazada is a part of our consumers’ daily lives in the region and we aim to serve 300 million shoppers by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the Alibaba Group powered by its cutting-edge technology infrastructure.
Loading...
Lazada Similar Companies
Airbnb
Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays, experiences and services that make it p
ServiceNow
ServiceNow (NYSE: NOW) makes the world work better for everyone. Our cloud-based platform and solutions help digitize and unify organizations so that they can find smarter, faster, better ways to make work flow. So employees and customers can be more connected, more innovative, and more agile. And w
Meituan
Adhering to the ‘Retail + Technology’ strategy, Meituan commits to its mission that 'We help people eat better, live better'. Since its establishment in March 2010, Meituan has advanced the digital upgrading of services and goods retail on both supply and demand sides. Together with our partners we
Xiaomi Technology
Xiaomi Corporation was founded in April 2010 and listed on the Main Board of the Hong Kong Stock Exchange on July 9, 2018 (1810.HK). Xiaomi is a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core. Embracing our vision
Walmart Global Tech
Walmart has a long history of transforming retail and using technology to deliver innovations that improve how the world shops and empower our 2.1 million associates. It began with Sam Walton and continues today with Global Tech associates working together to power Walmart and lead the next retail d
Snowflake
**Snowflake is proud to be the Official Data Collaboration Provider for LA28 and Team USA.** Snowflake delivers the AI Data Cloud — a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the AI Data Cloud, organizations unite
Upwork is the world’s work marketplace that connects businesses with independent talent from across the globe. We serve everyone from one-person startups to large, Fortune 100 enterprises with a powerful, trust-driven platform that enables companies and talent to work together in new ways that unloc
SAP is the leading enterprise application and business AI company. We stand at the intersection of business and technology, where our innovations are designed to directly address real business challenges and produce real-world impacts. Our solutions are the backbone for the world’s most complex and
Wolt
Wolt is a Helsinki-based technology company with a mission to bring joy, simplicity and earnings to the neighborhoods of the world. Wolt develops a local commerce platform that connects people looking to order food, groceries, and other goods with people interested in selling and delivering them. Wo
.png)
Lazada CyberSecurity News
July 22, 2025 07:00 AM
Adobe expands copyright and cybersecurity cooperation in Vietnam
Vietnam urges Adobe to expand support and ensure legal software distribution locally. On July 21, a working session was held at the Ministry of Culture, Sports...
January 28, 2025 08:00 AM
Here’s what you should do if your customer data is breached online
Customer data breaches can happen to anyone, but there are ways to defend against or mitigate such incidents.
January 26, 2025 08:00 AM
Northstar went dental🦷, Google fined 💸, eFishery fraud unfolds🤯, secondary exits trending?
Dear readers,. It's a long Lunar New Year break here in Indonesia, but we are still excited to share the latest updates from Indonesia's...
January 23, 2025 08:00 AM
The mounting landscape of phishing scams in Malaysia
Phishing scams in Malaysia are emerging again and evolving as cyber security threats, with attackers employing increasingly sophisticated techniques to exploit...
November 25, 2024 08:00 AM
Urgent warning to shoppers as cybersecurity experts uncover 62 popular apps that can track your precise location to within just a few metres
Researchers analyzed 71 of the world's most popular shopping apps on the Google Play Store, including Amazon, eBay, Samsung, Nike,...
September 19, 2024 07:00 AM
BPI scores multiple wins at Marketing Excellence Awards for cybersecurity, AI-driven campaigns
Bank of the Philippine Islands bagged five prestigious awards at the Marketing Excellence Awards 2024, recognizing its innovative efforts in...
August 27, 2024 07:00 AM
LAZADA GROUP RELEASES ANNUAL ENVIRONMENTAL, SOCIAL AND GOVERNANCE (ESG) IMPACT REPORT FOR FINANCIAL YEAR 2024
Lazada's third ESG Impact Report underscores its commitment to building a responsible and sustainable business through innovation.
June 27, 2024 07:00 AM
Lazada denies data breach
Online shopping platform Lazada has denied claims that records of about 18 million customers have been breached.
June 27, 2024 07:00 AM
Lazada, GCash say no compromise of customer information
Lazada and Gcash, two major players in online shopping and mobile payments, have both denied reports of customer data breaches.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Lazada CyberSecurity History Information
Official Website of Lazada
The official website of Lazada is https://group.lazada.com/.
Lazada’s AI-Generated Cybersecurity Score
According to Rankiteo, Lazada’s AI-generated cybersecurity score is 801, reflecting their Good security posture.
How many security badges does Lazada’ have ?
According to Rankiteo, Lazada currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Lazada have SOC 2 Type 1 certification ?
According to Rankiteo, Lazada is not certified under SOC 2 Type 1.
Does Lazada have SOC 2 Type 2 certification ?
According to Rankiteo, Lazada does not hold a SOC 2 Type 2 certification.
Does Lazada comply with GDPR ?
According to Rankiteo, Lazada is not listed as GDPR compliant.
Does Lazada have PCI DSS certification ?
According to Rankiteo, Lazada does not currently maintain PCI DSS compliance.
Does Lazada comply with HIPAA ?
According to Rankiteo, Lazada is not compliant with HIPAA regulations.
Does Lazada have ISO 27001 certification ?
According to Rankiteo,Lazada is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Lazada
Lazada operates primarily in the Software Development industry.
Number of Employees at Lazada
Lazada employs approximately 21,422 people worldwide.
Subsidiaries Owned by Lazada
Lazada presently has no subsidiaries across any sectors.
Lazada’s LinkedIn Followers
Lazada’s official LinkedIn profile has approximately 1,271,072 followers.
NAICS Classification of Lazada
Lazada is classified under the NAICS code 5112, which corresponds to Software Publishers.
Lazada’s Presence on Crunchbase
No, Lazada does not have a profile on Crunchbase.
Lazada’s Presence on LinkedIn
Yes, Lazada maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/lazada.
Cybersecurity Incidents Involving Lazada
As of November 27, 2025, Rankiteo reports that Lazada has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Lazada has an estimated 26,597 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Lazada ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Data Leak.
How does Lazada detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with customers were cautioned by lazada to watch out for phishing emails...
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Alibaba's Cainiao Network
Description: Chinese police arrested 21 suspects for theft of customer information from Alibaba Group Holding’s logistics affiliate Cainiao Network. More than 10 million pieces of client data was compromised, including user names, phone numbers, and parcel tracking numbers. Barcode scanners used in its distribution stations had been infected with malware. Police investigation determined that none of the illegally obtained data had been shared with any third parties.
Type: Data Breach
Attack Vector: Malware
Vulnerability Exploited: Infected Barcode Scanners
Threat Actor: 21 suspects arrested by Chinese police
Motivation: Theft of Customer Information
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ALI212330922
Data Compromised: User names, Phone numbers, Parcel tracking numbers
Systems Affected: Barcode scanners
Incident : Data Breach RED4498523
Data Compromised: Names, Phone numbers, E-mail addresses, Mailing addresses, Encrypted passwords, A portion of credit card numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are User Names, Phone Numbers, Parcel Tracking Numbers, , Personal Information, Payment Information and .
Which entities were affected by each incident ?
Incident : Data Breach ALI212330922
Entity Name: Cainiao Network
Entity Type: Logistics Company
Industry: Logistics
Location: China
Customers Affected: More than 10 million
Incident : Data Breach RED4498523
Entity Name: RedMart
Entity Type: E-commerce
Industry: E-grocer
Customers Affected: 1100000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ALI212330922
Incident : Data Breach RED4498523
Communication Strategy: Customers were cautioned by Lazada to watch out for phishing emails.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ALI212330922
Type of Data Compromised: User names, Phone numbers, Parcel tracking numbers
Number of Records Exposed: More than 10 million
Incident : Data Breach RED4498523
Type of Data Compromised: Personal information, Payment information
Number of Records Exposed: 1100000
Sensitivity of Data: High
Data Exfiltration: Yes
Data Encryption: Passwords were encrypted
Personally Identifiable Information: Yes
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customers were cautioned by Lazada to watch out for phishing emails..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach RED4498523
Customer Advisories: Customers were cautioned by Lazada to watch out for phishing emails.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Customers were cautioned by Lazada to watch out for phishing emails..
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach ALI212330922
Root Causes: Infected Barcode Scanners
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an 21 suspects arrested by Chinese police.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were User names, Phone numbers, Parcel tracking numbers, , names, phone numbers, e-mail addresses, mailing addresses, encrypted passwords, a portion of credit card numbers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Barcode scanners.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were encrypted passwords, a portion of credit card numbers, e-mail addresses, mailing addresses, Parcel tracking numbers, names, phone numbers, User names and Phone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.0M.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Customers were cautioned by Lazada to watch out for phishing emails.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=lazada' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
