Thursday 16 January 2020, Security guide

Were you tracking packages ordered from AliExpress? Vulnerability in Postal Ninja

Lost24

Postal Ninja is popular among people who want to check the status of shipments ordered from AliExpress. However, data on up to 800,000 shipments could easily be retrieved from the site, including the customer's name and surname and the address to which the package was to be delivered. Tracking numbers were not randomly generated and were easy to predict.


One of the readers of the Trusted Third Party noticed a vulnerability in Postal Ninja; thanks to a report from TTP, it was quickly resolved. Speaking of speed, after reporting the gap, the TTP portal only had to wait three hours for Postal Ninja’s response. In their response, TTP ensured that the gap was patched within 24 hours. After the vulnerability was removed, the status of a shipment can still be seen; however, the recipient's name and surname show only the three initial letters, and the address field no longer shows the street and apartment number.
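The two points above, predictable tracking numbers and the masking applied after the fix, can be sketched from the operator's side. This is an added example, not code from Postal Ninja or from the article: it flags clients whose lookups walk consecutive tracking numbers and redacts a record the way the article describes. The tracking-number format, client ids, threshold, `*` padding and comma-separated address layout are all assumptions.

```python
import re
from collections import defaultdict

# Constructed request log: (client id, requested tracking number). The number
# format is invented for this example; the article does not give the real one.
SAMPLE_REQUESTS = [
    ("client-a", "PN000104521"),
    ("client-b", "PN000731990"),
    ("client-a", "PN000104522"),
    ("client-a", "PN000104523"),
    ("client-a", "PN000104524"),
    ("client-b", "PN000218004"),
    ("client-a", "PN000104525"),
]

def longest_consecutive_run(numbers):
    """Length of the longest run n, n+1, n+2, ... among the given integers."""
    present = set(numbers)
    best = 0
    for n in present:
        if n - 1 in present:
            continue  # not the start of a run
        length = 1
        while n + length in present:
            length += 1
        best = max(best, length)
    return best

def flag_enumeration(requests, threshold=5):
    """Return clients whose lookups contain a consecutive run >= threshold."""
    per_client = defaultdict(list)
    for client, tracking in requests:
        digits = re.sub(r"\D", "", tracking)
        if digits:
            per_client[client].append(int(digits))
    return sorted(c for c, nums in per_client.items()
                  if longest_consecutive_run(nums) >= threshold)

def mask_recipient(full_name, address):
    """Redact a tracking-page record: three leading letters per name part,
    and only the last address component (assumed to be the city line)."""
    masked_name = " ".join(part[:3] + "*" * max(len(part) - 3, 0)
                           for part in full_name.split())
    parts = [p.strip() for p in address.split(",")]
    city_line = parts[-1] if len(parts) > 1 else ""  # fail closed if unparsed
    return masked_name, city_line
```

Masking limits what each lookup reveals, while the run detection only helps as long as the identifiers stay guessable.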