Massive information leakage in GearBest
Noam Rotem and his researcher team of VPNMentor have discovered a security breach in the GearBest e-commerce website. The failure was in a wrong configuration of the encryption of one of the servers where some of the company's databases are hosted, leaving more than 1.5 million records accessible.
The exposed information belongs to orders (purchased products, shipping addresses, customer names, emails, phone numbers, etc.), payment and invoice data (order numbers, type and payment information, email, name, IP, etc.) and user data (name, address, date of birth, phone number, mail, passport, password, etc.).
The VPNMentor team recommends changing the access credentials, and report that they have tried to contact GearBest to inform them of the situation, but have not yet received a response.
References:
- 14/03/2019 vpnmentor.com Report – Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach
- 14/03/2019 techcrunch.com Gearbest security lapse exposed millions of shopping orders
- 15/03/2019 redeszone.net ¿Has comprado en Gearbest? Tus pedidos, información de pago y datos personales se han filtrado
- 16/03/2019 unaaldia.hispasec.com Gran brecha de seguridad en GearBest expone datos de millones de usuarios