Gearbest’s database of accounts, addresses, orders, and payment info was reportedly unsecured

Gearbest is an e-commerce portal that specializes in Chinese goods. We have mentioned Gearbest in the past, mainly as a way to purchase Android smartphones from China and import them into countries where the OEM does not officially sell them. If you have used Gearbest in the past, you should know about a recent exposure of Gearbest's database, discovered by white hat hacker Noam Rotem and the vpnMentor team.

Several different parts of Gearbest's database were found to be completely unsecured: the researchers could access databases holding orders, payments, invoices and member data without any authentication. The databases were accessed in March 2019, and more than 1.5 million records were found lying exposed. Gearbest's Privacy Policy claims that collected user information is stored in encrypted form, but the researchers found this claim to be categorically false: personally identifiable information, ranging from IP addresses, shipping addresses, email addresses, passwords, birth dates and national identity numbers to payment details and order history, was accessible in plain, unencrypted text. Needless to say, a breach of this kind is one of the worst-case scenarios for an e-commerce portal, as it destroys customer confidence and trust, and users would be prudent to reassess their dealings with the website.

Since the discovery was part of an ethical hacking project, the researchers repeatedly contacted Gearbest as well as its parent entity, Globalegrow, to inform them of the exposure and give them several days' notice. However, there was no response from either by the time the report was published. Once Android Police published its article on the matter, Gearbest reached out with a statement, which is reproduced below:

Immediately upon being aware of this incident, our security experts have initiated an investigation to verify the allegations made by Mr. Noam Rotem. While we found that all our own established databases or servers used for storing or processing Data are protected with all necessary encryption measures and are absolutely safe, some of the external tools we use to temporarily store Data may have been accessed by others and therefore Data security may have been compromised.

The external tools we use are intended to improve efficiency and prevent data overload and the Data will only be stored in such tools for less than 3 calendar days before it is automatically destroyed. Considering possible data security breaches, we protected those tools with powerful firewalls to avoid any such data being compromised by malicious scanning from others. However, our investigation reveals that on March 1st, 2019, such firewalls were mistakenly taken down by one of our security team members for reasons still being under investigation. Such unprotected status has directly exposed those tools for scanning and accessing without further authentication.

Currently, we believe this may have affected our newly registered customers as well as our old customers who placed orders with Gearbest during the time from March 1st, 2019 to March 15th, 2019, a total of about 280,000. Fortunately, the irregularity was fixed by us within two hours immediately after detecting it, and we will further strengthen our internal security management to avoid such an incident from happening again.

We truthfully apologize for what happened. In addition to what we have done as mentioned above, we will be urgently carrying out measures to inactivate the passwords of those newly registered customers to avoid any illegal login to their accounts, and will also send emails to all affected customers to update them on the situation.

If you have a Gearbest account, it would be wise to change your password at the very least, even if you have not received an email about the incident, and to change it on any other site where you reused the same password. It would also be wise to consider alternatives for future transactions.

Source: VPNMentor
Story Via: AndroidPolice