The well-known Gearbest is a big Chinese one company ηλεκτρονικών αγορών, αποκάλυψε εκατομμύρια προφίλ χρηστών και παραγγελίες αγορών, σύμφωνα με researchers security.
Researcher Noam Rotem discovered that one server της Elasticsearch διαρρέει εκατομμύρια αρχεία κάθε εβδομάδα. Σε αυτά συμπεριλαμβάνονται δεδομένα πελατών, παραγγελιών και αρχείων από πληρωμές. Ο διακομιστής δεν προστατεύεται καν με κάποιο κωδικό πρόσβασης, επιτρέποντας σε οποιονδήποτε να έχει πρόσβαση στα δεδομένα.
Gearbest is ranked among one of the world's leading 250 websites and is partnering with leading companies such as Asus, Huawei, Intel and Lenovo.
The TechCrunch website contacted Gearbest via a dedicated security page, and made sure to inform them of the vulnerable server. Despite the report, however, the company did not lock the data or respond to the request.
Rotem, who shared them his findings with TechCrunch, said that there are names, addresses, phone numbers, e-mail addresses and customer orders from purchased products among the data being released. The database also had information on payments and invoices.
"The content of some people's orders has been very revealing," says Rotem.
Exposed orders not only violate customers' privacy but may compromise customers in many parts of the world where freedom of speech and expression is limited. Some of the listings include sex games and other markets that could for example lead to legal interference where LGBTQ relationships are forbidden by law.
Countries such as the United Arab Emirates and Pakistan have strict laws that can result in death sentences.
Shenzhen-based Gearbest has a large presence in Europe, with warehouses in Spain, Poland, the Czech Republic and United Kingdom, where EU data protection and privacy laws apply. So any company that violates the General Data Protection Regulation (GDPR) can be fined up to 4% of its total revenue.
If you have an account on the site, it makes no sense to change your password, as the server is still a wild vine. But what you can do is change the password where you use the same.
How to Enable and Disable a User in Windows 10
