Noam Rotem and his researcher team of VPNMentor have discovered a security breach in the GearBest e-commerce website. The failure was in a wrong configuration of the encryption of one of the servers where some of the company's databases are hosted, leaving more than 1.5 million records accessible.
The exposed information belongs to orders (purchased products, shipping addresses, customer names, emails, phone numbers, etc.), payment and invoice data (order numbers, type and payment information, email, name, IP, etc.) and user data (name, address, date of birth, phone number, mail, passport, password, etc.).
The VPNMentor team recommends changing the access credentials, and report that they have tried to contact GearBest to inform them of the situation, but have not yet received a response.