- Databases belonging to popular electronics retailer Gearbest were apparently left exposed by the firm.
- A white hat security team claimed that over 1.5 million records were accessible, including login details.
- Gearbest has since claimed that third-party data management tools were to blame for the incident.
Gearbest is one of the world’s most popular electronics and smartphone stores, delivering a range of eclectic devices from China and beyond. Unfortunately, it looks like the website wasn’t taking adequate care of its user information.
A white hat security team from VPNMentor (h/t: Android Police) discovered that Gearbest’s user database is “completely unsecured.” The team said its hackers were able to access various databases related to orders, payments, and general user information.
Compromised information reportedly included names, ID numbers, passport numbers, order histories, shipping addresses, payment details, email addresses, and passwords.
The team claimed that it was able to access this information earlier this month, adding that it discovered over 1.5 million records. Furthermore, the team said it repeatedly contacted Gearbest and its parent company to let them know about the breach, but didn’t receive a response.
Gearbest explains breach
The online retailer has since issued a statement via Android Police, claiming that its own databases and servers were “absolutely safe.” The website did, however, say that third-party data management tools may have been accessed by others.
“The external tools we use are intended to improve efficiency and prevent data overload and the data will only be stored in such tools for less than three calendar days before it is automatically destroyed,” the website explained, saying that it used “powerful firewalls” to protect these tools.
“However, our investigation reveals that on March 1, 2019, such firewalls were mistakenly taken down by one of our security team members for reasons still being under investigation. Such unprotected status has directly exposed those tools for scanning and accessing without further authentication.”
Gearbest believes the affected accounts are limited to some 280,000 users who ordered items between March 1 and March 15. It added that it would be sending an email to all affected users, while “inactivating” the passwords of newly registered users.
It’s not the first time Gearbest has been caught in a situation like this, as roughly 150 user records previously hit the internet in December 2017. At the time of that earlier incident, the website said it was likely that hackers had bought or otherwise acquired user login details from other websites and were using them in a bid to log in to Gearbest accounts.