VIPSHOP
Company Details
Linkedin ID:
vipshopofficial
Website:
Employees number:
78
Number of followers:
6,022
NAICS:
513
Industry Type:
Homepage:
vipshop.sg
IP Addresses:
0
Company ID:
VIP_2042090
Scan Status:
In-progress
VIPSHOP Company CyberSecurity Posture
vipshop.sg
VIPSHOP is the official South East Asia headquarters of VIP.com (唯品会) (https://ir.vip.com/), which was founded in 2008. It has been listed on New York Stock Exchange (NYSE) since 2012 and works with over 41,000 brands, offering a curated selection of products in fashion apparel, shoes & bags, cosmetics, mother & kids, home & living, and more. Since its listing, VIP.com (唯品会) has achieved profitability for 42 consecutive quarters and counting, with US$15 billion in total net revenue for 2022. It has received worldwide recognition on Fortune China 500, Dow Jones Sustainability Index (DJSI), Forbes China and more. VIPSHOP is the official South East Asia headquarters of VIP.com (唯品会). Established in 2022, it aims to bring 100% Authentic, high-quality products from premium brands to Southeast Asian consumers, at accessible prices. VIPSHOP strives to find the best deals and aims to connect the world’s top brands to make people feel their best.
VIPSHOP A.I CyberSecurity Scoring
VIPSHOP Risk Score (AI oriented)Between 750 and 799
VIPSHOP
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
VIPSHOP Global Score (TPRM)XXXX
VIPSHOP
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
VIPSHOP Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
VIPSHOP Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for VIPSHOP
Incidents vs Technology, Information and Internet Industry Average (This Year)
No incidents recorded for VIPSHOP in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for VIPSHOP in 2025.
Incident Types VIPSHOP vs Technology, Information and Internet Industry Avg (This Year)
No incidents recorded for VIPSHOP in 2025.
Incident History — VIPSHOP (X = Date, Y = Severity)
VIPSHOP cyber incidents detection timeline including parent company and subsidiaries
VIPSHOP Company Subsidiaries
VIPSHOP is the official South East Asia headquarters of VIP.com (唯品会) (https://ir.vip.com/), which was founded in 2008. It has been listed on New York Stock Exchange (NYSE) since 2012 and works with over 41,000 brands, offering a curated selection of products in fashion apparel, shoes & bags, cosmetics, mother & kids, home & living, and more. Since its listing, VIP.com (唯品会) has achieved profitability for 42 consecutive quarters and counting, with US$15 billion in total net revenue for 2022. It has received worldwide recognition on Fortune China 500, Dow Jones Sustainability Index (DJSI), Forbes China and more. VIPSHOP is the official South East Asia headquarters of VIP.com (唯品会). Established in 2022, it aims to bring 100% Authentic, high-quality products from premium brands to Southeast Asian consumers, at accessible prices. VIPSHOP strives to find the best deals and aims to connect the world’s top brands to make people feel their best.
Loading...
VIPSHOP Similar Companies
Fanatics is a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowi
Peraton
Do the can't be done. At Peraton, we're at the forefront of delivering the next big thing every day. We're the partner of choice to help solve some of the world's most daunting challenges, delivering bold, new solutions to keep people around the world safer and more secure. How do we do it? By thi
Arrow Electronics
Arrow Electronics (NYSE:ARW) guides innovation forward for thousands of leading technology manufacturers and service providers. With 2024 sales of $27.9 billion, Arrow develops technology solutions that help improve business and daily life. Our broad portfolio that spans the entire technology lands
Booking Holdings is the world’s leading provider of online travel & related services, provided to consumers and local partners in more than 220 countries and territories through six primary consumer-facing brands: Booking.com, Priceline, Agoda, Rentalcars.com, KAYAK and OpenTable. Collectively, Book
Avnet
Avnet is a global electronic components distributor with extensive design, product, marketing and supply chain expertise for customers and suppliers at every stage of the product lifecycle. For the past 100 years, Avnet has helped its customers and suppliers around the world realize the transformati
Jumia (NYSE :JMIA) is a leading e-commerce platform in Africa. It is built around a marketplace, Jumia Logistics, and JumiaPay. The marketplace helps millions of consumers and sellers to connect and transact. Jumia Logistics enables the delivery of millions of packages through our network of local p
NetEase
As a leading internet technology company based in China, NetEase, Inc. (NASDAQ: NTES and HKEX:9999, "NetEase") provides premium online services centered around content creation. With extensive offerings across its expanding gaming ecosystem, NetEase develops and operates some of China's most popula
SLB
We are a technology company that unlocks access to energy for the benefit of all. As innovators, that’s been our mission for nearly a century. Today, we face a global imperative to create a future with more energy, but less carbon. Our diverse, innovative change makers are focused on going further i
Flipkart
At Flipkart, we're driven by our purpose of empowering every Indian's dream by delivering value through innovation in technology and commerce. With a customer base of over 350 million, product coverage of over 150 million across 80+ categories, a focus on generating direct and indirect employment an
.png)
VIPSHOP CyberSecurity News
April 07, 2025 07:00 AM
Public Officials Separate Workplace and Personal Online Lives. Hackers Don’t Care.
Attacks on the personal accounts of VIPs are on the rise; 'They are prime targets'
August 06, 2024 07:00 AM
Air Force seeks secure cloud app to manage flights for govt VIPs
The new tool is critical “due to significant cybersecurity vulnerabilities identified in the existing scheduling system,” the branch says in...
May 14, 2024 07:00 AM
Tinubu, Shettima, other VIPs now to pay tollgate fees at airports — Keyamo
As Aviation gets approval for procurement of N4.2bn aircraft recovery equipments … Cybersecurity Levy policy suspended to go through review...
August 18, 2023 02:20 PM
Cyber Security for Higher Education Institutions
Senior leaders should understand the potential impact of cyber attacks and must take ultimate responsibility for the digital resilience of the organisation,...
November 06, 2022 07:00 AM
Indian ‘hack-for-hire’ firms target VIPs, states
Illegal hacking operatives, dubbed “hack-for-hire” companies, are operating across India and infiltrate emails and phones of VIPs and states for a fee paid by...
November 05, 2022 07:00 AM
Exposed: the global hacking network that targets VIPs
Private investigators linked to the City of London are using an India-based computer hacking gang to target British businesses, government officials and...
November 16, 2021 08:00 AM
Focus on your Very-Attacked People, not VIPS
While VAPs are rarely the firm's most senior executives, they have access to sensitive information or are able to perform wire transfers at...
January 22, 2020 08:00 AM
From politicians to tech titans, Mohammed bin Salman meets array of VIPs
Saudi Crown Prince Mohammed bin Salman posing with Amazon CEO Jeff Bezos during the latter's visit to Riyadh.
April 06, 2018 07:00 AM
Google, Magic Leap, Virgin Group: Saudi Crown Prince met with tech VIPs
The Saudi Crown Prince Mohammed bin Salman is meeting a star-studded group of tech and media CEOs this week, including Google co-founder Sergey Brin and CEO...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
VIPSHOP CyberSecurity History Information
Official Website of VIPSHOP
The official website of VIPSHOP is https://vipshop.sg.
VIPSHOP’s AI-Generated Cybersecurity Score
According to Rankiteo, VIPSHOP’s AI-generated cybersecurity score is 794, reflecting their Fair security posture.
How many security badges does VIPSHOP’ have ?
According to Rankiteo, VIPSHOP currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does VIPSHOP have SOC 2 Type 1 certification ?
According to Rankiteo, VIPSHOP is not certified under SOC 2 Type 1.
Does VIPSHOP have SOC 2 Type 2 certification ?
According to Rankiteo, VIPSHOP does not hold a SOC 2 Type 2 certification.
Does VIPSHOP comply with GDPR ?
According to Rankiteo, VIPSHOP is not listed as GDPR compliant.
Does VIPSHOP have PCI DSS certification ?
According to Rankiteo, VIPSHOP does not currently maintain PCI DSS compliance.
Does VIPSHOP comply with HIPAA ?
According to Rankiteo, VIPSHOP is not compliant with HIPAA regulations.
Does VIPSHOP have ISO 27001 certification ?
According to Rankiteo,VIPSHOP is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of VIPSHOP
VIPSHOP operates primarily in the Technology, Information and Internet industry.
Number of Employees at VIPSHOP
VIPSHOP employs approximately 78 people worldwide.
Subsidiaries Owned by VIPSHOP
VIPSHOP presently has no subsidiaries across any sectors.
VIPSHOP’s LinkedIn Followers
VIPSHOP’s official LinkedIn profile has approximately 6,022 followers.
NAICS Classification of VIPSHOP
VIPSHOP is classified under the NAICS code 513, which corresponds to Others.
VIPSHOP’s Presence on Crunchbase
No, VIPSHOP does not have a profile on Crunchbase.
VIPSHOP’s Presence on LinkedIn
Yes, VIPSHOP maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/vipshopofficial.
Cybersecurity Incidents Involving VIPSHOP
As of November 27, 2025, Rankiteo reports that VIPSHOP has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
VIPSHOP has an estimated 12,514 peer or competitor companies worldwide.
VIPSHOP CyberSecurity History Information
How many cyber incidents has VIPSHOP faced ?
Total Incidents: According to Rankiteo, VIPSHOP has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at VIPSHOP ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=vipshopofficial' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
