I used to buy using credit card at Aliexpress one day morning when I am causally looking at messages on phone I am shocked, USD 2000 used at aliexpress that too mid night. Fortunately my card issuer bank rejected the transactions and returned money. Due to that reason I am using Webmoney now.
I'm afraid your credit card details have been breached and whoever has the details will do international transaction again so I strongly suggest you to block that card and get a new one if you haven't already.
Here is little bit about how a credit/debit card info is leaked online and how to be careful:
1. Many eCommerce sites allow you to store your credit/debit card information for later use, making repeated purchases easy. Reputed sites highly encrypt this information and incase they notice data breach, they will immediately alert the users but some sites or payment gateways have security flaws or weak encryption that make your information vulnerable. I would suggest not to save your bank details anywhere online and if you receive alert about data breach, secure your information asap (i.e change password, replace card if its leaked and etc).
2. Infected devices (Smartphone, PC, Laptop, Router) can also steal your card details while making online transactions. Old hardware, drivers and softwares can also be vulnerable. Using more then 10 year old computer with Windows XP for bank transactions is very bad idea. Most routers or modems provided by ISPs aren't secured either so instead get yourself a router or modem of reputed brand and change the default password to a strong one. Keep your devices protected with latest antivirus and security patches. Remove suspicions softwares and games.
3. You need to be doubly careful when using a smartphones for online fund transfer and online shopping. OTP authentication is not safe as you may think.
The purpose of an OTP is to prevent fraud by confirming that the person making the transaction and the credit/debit card owner are one and the same but is the smartphone used to send and receive an OTP innocuous? Regrettably, not very. What seemed to be like a strong authentication process when it was first introduced is nowadays easily bypassed or accessed by mobile apps (Including infected by malware).
For example in Whats app setup, you enter your mobile no and then it sends OTP from their server to your number and the app automatically fetches SMS for OTP for confirmation. Same thing happens in eCommerce apps while making payments and I have seen some OTP's having no details about transaction amount, just the pass code!
Of course the app will ask you permission to intercept SMS and some payment gateways have option to get OTP from bank's website but how many people are aware? They just accept everything and do the payment believing the app is safe and then end up losing huge amount. Even if the app is safe, the smartphone could be infected with a spyware and it tracks whatever you do. Once it gets your card details, it will make the transaction, get OTP from your phone and deletes the SMS once done. This all happens in the background and you'll not be aware until you get notification from bank. Clicking URL links sent by unknown person (Via email, whatsapp, sms) is very bad idea and thats how you get malware.
I always use my PC for most of online transactions and manually enter OTP that is sent to my smartphone. For mobile banking I use one phone for the transaction and another phone for receiving OTP.
4. International stores (Like Aliexpress, Banggood, Gearbest and etc) don't use OTP for placing orders and its good for fraudsters to buy items using leaked card details. It doesn't mean card owner has registered in that site and that is being leaked or hacked. One of my friend came across fraud just like what happened to Suryaputhra but he never visited Aliexpress. May be his card details was leaked somewhere else and fraudster tried to place order on Aliexpress. Fortunately bank rejected the transactions and refunded his money.
Ask your bank if they can provide OTP for international transactions and if you don't make international purchases, I believe there is an option to disable international transactions in your online bank account.