Hackers who gained unauthorized access to an AliExpress Korea sellers’ portal have stolen eight-point-six billion won, or about five-point-eight million U.S. dollars, according to a recent report. 

The report, submitted to Rebuilding Korea Party Rep. Lee Hai-min on Tuesday by the Korea Internet and Security Agency(KISA), said the Chinese e-commerce giant alerted KISA to the “infringement incident” on October 24 of last year, revealing that some 100 accounts were compromised.
 
Under the Information and Communications Network Act, an information and communications service provider must alert KISA or the science ministry of a cyberattack within 24 hours of becoming aware of it. 

Violating that obligation results in a fine of 30 million won. 

In its report to KISA, AliExpress said it first became aware of the possibility of unauthorized access by hackers to its sellers’ portal on October 16.

The company was found to have launched an investigation into the matter after some of its sellers informed it that payments hadn’t been settled properly.

The probe found that the hacker manipulated the flaws of the one-time password process used to restore the passwords of sellers’ accounts to get access.