Chinese web store Gearbest leaks customer data via unsecured database

The large Chinese webshop Gearbest has leaked data from a large number of customers. VPNMentor researcher Noam Rotem found 1.5 million customer data in the database.


The large Chinese webshop Gearbest has leaked data from a large number of customers. VPNMentor researcher Noam Rotem found 1.5 million customer data in the database.

The data could be viewed because a Gearbest server was not secure. According to Rotem, "anyone without a password" could search for data. New data was added every week, such as home addresses, e-mail addresses, order details and passport information.

Rotem tried to notify Gearbest, but the company did not respond to investigator reports. At this time, the database would still be unsecured.

According to the researcher, some orders are "quite revealing". Not only user data can be viewed, but it is also possible to find out who bought which sex toys, for example.

It is not known when the Chinese company closed the leak and how many users were affected. Rotem warns that "users should know the risks of a website that does not make an effort to protect customers".

ref: nunl