The Chinese online retailer Gearbest sells its products worldwide and is one of the most successful Internet retailers in the world. The corresponding website is one of the 250 most visited websites in the world. Security researcher Noam Rotem has now found that some of the retailer's customer data is freely accessible.
In addition to general customer data, Rotem was also able to view order histories and payment data. All of this information is freely accessible over the Internet and can therefore be seen and used by anyone, which is certainly not in the customers' interest. Gearbest has thus committed a massive data protection lapse. The retailer has not yet responded to the report of the lapse, and the databases have not yet been secured either.
The customer data includes, among other things, the customers' IP address, name, date of birth, address, nationality and password. Lists of all orders, order numbers and payment information can also be viewed. Equally alarming: Rotem also found a way to change the stored data at will.
Rotem discovered the open databases on March 7. How long they have been openly accessible is not known. This data lapse poses a risk to the online merchant's affected customers, as their data could be misused.
TechCrunch first reported the data leak. The TechCrunch team also contacted the Gearbest security team, but has received no response. The full report can be read at vpnMentor.