The data of thousands of gearbest users would have been exposed

Gearbest is one of the world's most popular online stores. Specializing in Chinese origin computer and electronics products, with a focus on smartphones, it has climbed positions in the popularity ranking in recent times. However, it seems that the necessary care has not been taken and the data of thousands, perhaps millions, of users, would have been exposed.

Gearbest user data exposed

According to the research carried out by the VPNMentor team, their own hackers were able to access various Gearbest databases related to orders, payments and general user information that is listed as "completely secure".

The report notes that at least 1.5 million pieces of data would have been exposed to hackers. Meanwhile, Gearbest estimates that 280, 000 users would have been affected.

Among the information that would have been accessed are names, identification numbers, passport numbers, order history, shipping addresses, payment details, email addresses and passwords.

The team claims it was able to access this information earlier this month, adding that it discovered "more than 1.5 million recordings." Additionally, the team has stated that it repeatedly contacted Gearbest and its parent company to inform them of this security issue, but received no response.

Gearbest: "third-party data management tools are to blame for the facts"

The online retailer has finally released a statement through the specialized website Android Police . In said statement, the company maintains that its own databases and servers are "absolutely safe". Thus, Gearbest throws balls out proposing that it would be the third-party data management tools that could have been violated.

"The external tools we use are intended to improve efficiency and avoid data overload, and data is only stored in this type of tool for less than three calendar days before it is automatically destroyed, " explains the website, assuring that "powerful firewalls" are used to protect these tools.

However, our investigation reveals that on March 1, 2019, these types of firewalls were breached by one of our security team members for causes that are still under investigation. Such an unprotected situation has directly exposed those tools for digitization and access without additional authentication."

Gearbest believes that affected users are limited to about 280, 000. Likewise, these affected users would be those who made a purchase on the website between March 1 and March 15. As more immediate measures, Gearbest has announced that it is proceeding to send an informative email to all affected users, while deactivating the passwords of newly registered users.

As it is assured by the Android Authority, it is not the first time Gearbest is immersed in a similar situation in which the data of users and customers is put at risk. Last December 2017, at least 150 user registrations were published on the internet. At the time of this incident, the site said hackers were likely to have purchased or acquired user login information from other websites and were using those details in an attempt to log into Gearbest accounts.

Android Authority Font