GearBest Database Was Left Unsecured For 2 Weeks

GearBest is one of the most popular Chinese online stores, and we often feature products sold by the company on this website. However, the VPNMentor research team, headed by white hat hacker and activist Noam Rotem, discovered a serious security breach at GearBest: the company's databases were left completely unsecured for a period of time.

gearbest unsecured database

Specifically, the research team was able to access the following databases in March 2019:

  • Orders database with products purchased, shipping address and postcode, customer name, email address, phone number
  • Payments and invoices database with order number, payment type, payment information, email address, name, IP address
  • Members database with name, address, date of birth, phone number, (unencrypted) email address, IP address, national ID and passport information, (unencrypted) account password

They discovered more than 1.5 million records in total, and managed to log in successfully to two accounts from the exposed database for testing. Payment information included data related to Boleto (used in Brazil) and Oxxo (used in Mexico), which would allow potential hackers to access customers' receipts and banking information. The researchers also noticed that GearBest sells some adult toys, so if you wanted to purchase those discreetly, your list of purchases was open for anybody (with the right skills) to see.

GearBest saw the report published on March 15, and corrected and explained the issue in a Facebook post, reproduced below.

So, provided GearBest's statement is accurate, it's bad, but not as catastrophic as it first appeared, at least if you did not order anything from the company, or did not first register with the company, between March 1 and 15. Basically, a firewall was taken down for two weeks, and 280,000 users (or is that orders?) were affected during that time. The company has now restored the firewall, and should already have reset the passwords of affected users.

The statement did not mention anything about encrypting the data in those databases, however, but hopefully they'll do something about it. If they don't, and if for whatever reason the firewall is taken down again or breached, the data will be publicly available once more.
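The members database above is described as holding account passwords unencrypted, and a firewall was the only thing standing between it and the internet. The standard mitigation for the password column specifically is not encryption but a salted, slow hash, so that a copy of the table is not a list of usable credentials. The following is an added example written for this article, not code from GearBest or VPNMentor; the function names, the record layout and the sample member are assumptions made here, and it uses only the Python standard library (PBKDF2-HMAC-SHA256 via `hashlib`).

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256. Raise it over time as hardware gets faster.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing, salted PBKDF2 hash of `password`.

    Stored format: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>
    A fresh random salt is generated unless one is supplied (deterministic tests only),
    so two users with the same password get different stored values.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, compare in constant time."""
    try:
        algorithm, iterations_str, salt_hex, digest_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iterations_str)
    except ValueError:
        # Malformed or truncated record: treat as a failed login, never as a match.
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def make_member_record(name: str, email: str, password: str) -> dict:
    """Constructed member row (hypothetical schema): the password column holds only the hash.

    Even if this row leaks, as the GearBest members database did, the plaintext
    password is not recoverable from it without a per-user brute-force attempt.
    """
    return {"name": name, "email": email, "password_hash": hash_password(password)}


if __name__ == "__main__":
    # Constructed sample member, not a real account.
    row = make_member_record("Sample User", "sample@example.com", "correct horse battery")
    print(row["password_hash"])
    print("login ok:", verify_password("correct horse battery", row["password_hash"]))
    print("wrong pw:", verify_password("hunter2", row["password_hash"]))
```

Note that this addresses only the password column; the names, addresses, ID numbers and payment details in the other databases still need encryption at rest and access controls that do not depend on a single perimeter firewall.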

Via SecurityWeek

5 Comments
Diego
5 years ago

I don’t get it, was it all users or just some? But whatever happened, storing all sorts of crap in plaintext only secured by a so-called firewall. That means everyone within the organisation has access to the db in any case.

theguyuk
5 years ago

I thought white hat hackers warned the companies and gave them some time to fix the problem before going public?

Diego
5 years ago

I heard GB didn’t give a dime for 2 weeks..

Singman
5 years ago

Wrong, if you compare the timing, it looks like VPNMentor published the security breach really fast. It got discovered on 1st March and corrected on the 15th.

Terry
5 years ago

Wonderful, I haven’t bought anything from Gearbest for over 2 years, and last Thursday (14th) I made a purchase.
