Gearbest; Caution! large data leak

The well-known Gearbest, a major Chinese online shopping company, revealed millions of user profiles and purchase orders, according to security researchers.

Researcher Noam Rotem discovered that an Elasticsearch server is leaking millions of files every week. Σε αυτά συμπεριλαμβάνονται δεδομένα πελατών, παραγγελιών και from payments. The server is not even password protected, allowing anyone to access the data.

Gearbest ranks as one of the top 250 websites worldwide and cooperates with leading companies such as Asus, , Intel and .Gearbest

The TechCrunch website contacted Gearbest via a dedicated security page, and made sure to inform them of the vulnerable server. Despite the report, however, the company did not lock the data or respond to the request.

Rotem, who shared them his findings with TechCrunch, stated that among the circulating there are names, addresses, phone numbers, email addresses and customer orders from products purchased. The database also had information on payments and invoices.

"The of some people's orders has turned out to be very revealing," says Rotem.

Exposed orders not only violate customer privacy, but may endanger the company's customers in many parts of the world where the and expression is limited. Some of the listings are for sex toys and other purchases that could, for example, lead to legal interference where LGBTQ relationships are prohibited by law.

Countries such as the United Arab Emirates and Pakistan have strict laws that can result in death sentences.

Shenzhen-based Gearbest has a large presence in Europe, with warehouses in Spain, Poland, the Czech Republic and the UK, where data protection laws apply and of the EU. Thus, any company that violates the General Data Protection Regulation (GDPR) can be fined up to 4% of its total revenue.

If you have an account on the site, it makes no sense to change your password, as the server is still a wild vine. But what you can do is change the password where you use the same.

How to Enable and Disable a User in Windows 10

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).