Lazada
Company Details
Linkedin ID:
lazada
Website:
Employees number:
21,422
Number of followers:
1,271,072
NAICS:
5112
Industry Type:
Homepage:
lazada.com
IP Addresses:
0
Company ID:
LAZ_9818551
Scan Status:
In-progress
Lazada Company CyberSecurity Posture
lazada.com
About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the region, Lazada is a part of our consumers’ daily lives in the region and we aim to serve 300 million shoppers by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the Alibaba Group powered by its cutting-edge technology infrastructure.
Lazada A.I CyberSecurity Scoring
Lazada Risk Score (AI oriented)Between 800 and 849
Lazada
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Lazada Global Score (TPRM)XXXX
Lazada
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Lazada Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Alibaba.com
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Chinese police arrested 21 suspects for theft of customer information from Alibaba Group Holding’s logistics affiliate Cainiao Network. More than 10 million pieces of client data was compromised. Compromised information includes user names, phone numbers and parcel tracking numbers. Barcode scanners used in its distribution stations had been infected with malware. Police investigation determined that none of the illegally obtained data had been shared with any third parties.
RedMart
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A customer database containing the private information of 1.1 million RedMart user accounts was breached, and this information was then sold on an internet forum. The data leak was confirmed by a representative for e-commerce behemoth Lazada, which also owns e-grocer Redmart. It was discovered that the stolen personal data included names, phone numbers, e-mail addresses, mailing addresses, passwords that were encrypted, and a portion of credit card numbers. Customers were also cautioned by Lazada to watch out for phishing emails, in which con artists pose as Lazada representatives and request critical information.
Lazada Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Lazada
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for Lazada in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Lazada in 2025.
Incident Types Lazada vs Software Development Industry Avg (This Year)
No incidents recorded for Lazada in 2025.
Incident History — Lazada (X = Date, Y = Severity)
Lazada cyber incidents detection timeline including parent company and subsidiaries
Lazada Company Subsidiaries
About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the region, Lazada is a part of our consumers’ daily lives in the region and we aim to serve 300 million shoppers by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the Alibaba Group powered by its cutting-edge technology infrastructure.
Loading...
Lazada Similar Companies
DiDi
DiDi Global Inc. is a leading mobility technology platform. It offers a wide range of app-based services across Asia Pacific, Latin America, and other global markets, including ride hailing, taxi hailing, designated driving, hitch and other forms of shared mobility as well as certain energy and vehi
OpenText
OpenText is a leading Cloud and AI company that provides organizations around the world with a comprehensive suite of Business AI, Business Clouds, and Business Technology. We help organizations grow, innovate, become more efficient and effective, and do so in a trusted and secure way—through Inform
Rakuten
Rakuten Group, Inc. (TSE: 4755) is a global technology leader in services that empower individuals, communities, businesses and society. Founded in Tokyo in 1997 as an online marketplace, Rakuten has expanded to offer services in e-commerce, fintech, digital content and communications to 2 billion m
Xiaomi Technology
Xiaomi Corporation was founded in April 2010 and listed on the Main Board of the Hong Kong Stock Exchange on July 9, 2018 (1810.HK). Xiaomi is a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core. Embracing our vision
Zoho
Zoho offers beautifully smart software to help you grow your business. With over 100 million users worldwide, Zoho's 55+ products aid your sales and marketing, support and collaboration, finance, and recruitment needs—letting you focus only on your business. Zoho respects user privacy and does not h
Airbnb
Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays, experiences and services that make it p
Wolt
Wolt is a Helsinki-based technology company with a mission to bring joy, simplicity and earnings to the neighborhoods of the world. Wolt develops a local commerce platform that connects people looking to order food, groceries, and other goods with people interested in selling and delivering them. Wo
ServiceNow
ServiceNow (NYSE: NOW) makes the world work better for everyone. Our cloud-based platform and solutions help digitize and unify organizations so that they can find smarter, faster, better ways to make work flow. So employees and customers can be more connected, more innovative, and more agile. And w
TOTVS
Olá, somos a TOTVS! A maior empresa de tecnologia do Brasil. 🤓 Líder absoluta em sistemas e plataformas para empresas, a TOTVS possui mais de 70 mil clientes. Indo muito além do ERP, oferece tecnologia completa para digitalização dos negócios por meio de 3 unidades de negócio: - Gestão: ERPs, sol
.png)
Lazada CyberSecurity News
July 22, 2025 07:00 AM
Adobe expands copyright and cybersecurity cooperation in Vietnam
Vietnam urges Adobe to expand support and ensure legal software distribution locally. On July 21, a working session was held at the Ministry of Culture, Sports...
March 17, 2025 07:00 AM
AI-supported spear phishing threatens APAC e-commerce
AI-driven spear phishing, a form of advanced social engineering, is emerging as a major cybersecurity threat in the region.
January 28, 2025 08:00 AM
Here’s what you should do if your customer data is breached online
Customer data breaches can happen to anyone, but there are ways to defend against or mitigate such incidents.
January 26, 2025 08:00 AM
Northstar went dental🦷, Google fined 💸, eFishery fraud unfolds🤯, secondary exits trending?
Dear readers,. It's a long Lunar New Year break here in Indonesia, but we are still excited to share the latest updates from Indonesia's...
January 23, 2025 08:00 AM
The mounting landscape of phishing scams in Malaysia
Phishing scams in Malaysia are emerging again and evolving as cyber security threats, with attackers employing increasingly sophisticated techniques to exploit...
September 19, 2024 07:00 AM
BPI scores multiple wins at Marketing Excellence Awards for cybersecurity, AI-driven campaigns
Bank of the Philippine Islands bagged five prestigious awards at the Marketing Excellence Awards 2024, recognizing its innovative efforts in...
August 27, 2024 07:00 AM
LAZADA GROUP RELEASES ANNUAL ENVIRONMENTAL, SOCIAL AND GOVERNANCE (ESG) IMPACT REPORT FOR FINANCIAL YEAR 2024
PRNewswire/ -- Lazada, a leading eCommerce platform in Southeast Asia, today released its annual Environment, Social, and Governance (ESG)...
June 27, 2024 12:58 PM
GCash: accounts secure, operations normal as hack report hits 3rd firm this week
GCash, the country's largest mobile payments service, said on Thursday that its popular electronic wallet is fully operational and that no disruptions have...
June 27, 2024 07:00 AM
Lazada denies data breach
Online shopping platform Lazada has denied claims that records of about 18 million customers have been breached.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Lazada CyberSecurity History Information
Official Website of Lazada
The official website of Lazada is https://group.lazada.com/.
Lazada’s AI-Generated Cybersecurity Score
According to Rankiteo, Lazada’s AI-generated cybersecurity score is 801, reflecting their Good security posture.
How many security badges does Lazada’ have ?
According to Rankiteo, Lazada currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Lazada have SOC 2 Type 1 certification ?
According to Rankiteo, Lazada is not certified under SOC 2 Type 1.
Does Lazada have SOC 2 Type 2 certification ?
According to Rankiteo, Lazada does not hold a SOC 2 Type 2 certification.
Does Lazada comply with GDPR ?
According to Rankiteo, Lazada is not listed as GDPR compliant.
Does Lazada have PCI DSS certification ?
According to Rankiteo, Lazada does not currently maintain PCI DSS compliance.
Does Lazada comply with HIPAA ?
According to Rankiteo, Lazada is not compliant with HIPAA regulations.
Does Lazada have ISO 27001 certification ?
According to Rankiteo,Lazada is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Lazada
Lazada operates primarily in the Software Development industry.
Number of Employees at Lazada
Lazada employs approximately 21,422 people worldwide.
Subsidiaries Owned by Lazada
Lazada presently has no subsidiaries across any sectors.
Lazada’s LinkedIn Followers
Lazada’s official LinkedIn profile has approximately 1,271,072 followers.
NAICS Classification of Lazada
Lazada is classified under the NAICS code 5112, which corresponds to Software Publishers.
Lazada’s Presence on Crunchbase
No, Lazada does not have a profile on Crunchbase.
Lazada’s Presence on LinkedIn
Yes, Lazada maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/lazada.
Cybersecurity Incidents Involving Lazada
As of December 11, 2025, Rankiteo reports that Lazada has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Lazada has an estimated 27,532 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Lazada ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.
How does Lazada detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with customers were cautioned by lazada to watch out for phishing emails...
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Alibaba's Cainiao Network
Description: Chinese police arrested 21 suspects for theft of customer information from Alibaba Group Holding’s logistics affiliate Cainiao Network. More than 10 million pieces of client data was compromised, including user names, phone numbers, and parcel tracking numbers. Barcode scanners used in its distribution stations had been infected with malware. Police investigation determined that none of the illegally obtained data had been shared with any third parties.
Type: Data Breach
Attack Vector: Malware
Vulnerability Exploited: Infected Barcode Scanners
Threat Actor: 21 suspects arrested by Chinese police
Motivation: Theft of Customer Information
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ALI212330922
Data Compromised: User names, Phone numbers, Parcel tracking numbers
Systems Affected: Barcode scanners
Incident : Data Breach RED4498523
Data Compromised: Names, Phone numbers, E-mail addresses, Mailing addresses, Encrypted passwords, A portion of credit card numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are User Names, Phone Numbers, Parcel Tracking Numbers, , Personal Information, Payment Information and .
Which entities were affected by each incident ?
Incident : Data Breach ALI212330922
Entity Name: Cainiao Network
Entity Type: Logistics Company
Industry: Logistics
Location: China
Customers Affected: More than 10 million
Incident : Data Breach RED4498523
Entity Name: RedMart
Entity Type: E-commerce
Industry: E-grocer
Customers Affected: 1100000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ALI212330922
Incident : Data Breach RED4498523
Communication Strategy: Customers were cautioned by Lazada to watch out for phishing emails.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ALI212330922
Type of Data Compromised: User names, Phone numbers, Parcel tracking numbers
Number of Records Exposed: More than 10 million
Incident : Data Breach RED4498523
Type of Data Compromised: Personal information, Payment information
Number of Records Exposed: 1100000
Sensitivity of Data: High
Data Exfiltration: Yes
Data Encryption: Passwords were encrypted
Personally Identifiable Information: Yes
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customers were cautioned by Lazada to watch out for phishing emails..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach RED4498523
Customer Advisories: Customers were cautioned by Lazada to watch out for phishing emails.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Customers were cautioned by Lazada to watch out for phishing emails..
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach ALI212330922
Root Causes: Infected Barcode Scanners
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an 21 suspects arrested by Chinese police.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were User names, Phone numbers, Parcel tracking numbers, , names, phone numbers, e-mail addresses, mailing addresses, encrypted passwords, a portion of credit card numbers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Barcode scanners.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were encrypted passwords, phone numbers, names, a portion of credit card numbers, Parcel tracking numbers, mailing addresses, e-mail addresses, User names and Phone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.0M.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Customers were cautioned by Lazada to watch out for phishing emails.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=lazada' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
