Avast Blog_Security News: Gearbest might be the worst
Quote:

Payment info and other personal data belonging to millions of e-commerce customers have been found unsecured on the web.

White hat hackers scanning the web for system holes and data leaks stumbled upon an unsecured ElasticSearch server containing millions of Gearbest customer records. Gearbest is an Amazon-style e-commerce site with a focus on tech and Chinese brands. It ships to over 250 countries and publishes 18 subdomains in different languages. Under parent company Globalegrow, Gearbest is a billion-dollar business, but while its privacy policy states that the company encrypts any and all customer info it retains, the unsecured server found online proves that this is not true. Hundreds of thousands of customers are putting themselves at risk daily, adding their info to the growing repository of customer data accumulating for anyone to access.

Furthering the mystery of how security could be so lax, the info found on the unsecured server goes beyond the “usual” info. Researchers were able to access three databases: an “orders” database containing all order info including customer address, phone number, and email; a “payments and invoices” database containing all payment info as well as the customer’s IP address; and a “members” database containing personal info like birthdates, national ID numbers, account passwords, passport info, and, again, IP addresses. Only a portion of all that info is needed for an e-commerce transaction. Researchers question the reasoning for storing unrelated personal info like IP addresses and national IDs.

All customers of Gearbest are advised to monitor all credit card and bank accounts. The personal information leaked online provides everything a bad actor would need to access a customer’s money and then some. With the national ID numbers and passport info, a bad actor could perpetrate identity theft. “The amount of different personal information exposed is really worrisome,” comments Avast Security Expert Luis Corrons. “Apart from identity theft, it could be used to launch targeted attacks against potential victims, from sextortion to spear phishing.”