The Gearbest As we all know, it is a huge online store, specializing mainly in Chinese products.
Μafter the revelation of the most serious security gap on his page GearBest, the company made the following statement:
While we have found that all databases installed on the servers used to store or process the Data are protected by all necessary encryption measures and are completely secure, some of the external tools we use to temporarily store the data may have access to others and therefore may have been violated.
The external tools we use are intended to improve protection and prevent data overload, and data is stored on such tools for less than 3 calendar days before being automatically corrupted. Taking into account possible data security breaches, we have protected these tools with strong firewalls to prevent such data from being maliciously attacked by others.
However, our research reveals that 1March 2019, Firewalls were mistakenly disabled by one of our security team members, for reasons that are still under investigation. This lack of data protection by Firewalls has exposed this data to scanning and access by third parties without further authentication.
At this time, we believe this may have affected our new entrants as well as our old customers who placed purchase orders at Gearbest during the period from March 1, 2019 to March 15, 2019, and with a total number of about 280.000 orders. Fortunately, this security gap was fixed by us within two hours of its detection, and we will further strengthen our internal security management to prevent this from happening in the future.
We sincerely apologize for what happened.
In addition to what we have done above, we will urgently take steps to disable the passwords of these newly logged out customers to prevent any illegal login to their accounts, and we will also email all concerned customers to update them on the situation . GearBest official statement
As you can see, this can be bypassed-but not unless you're a techie who knows what he's doing.
Below you can see the history of the security breach problem.
Σthe Android community, the Gearbest is known as one of the easiest ways to buy devices from Xiaomi and other Chinese brands in the United States.
If you bought something from Gearbest in the past by credit card and not through PayPal, you may need to consider changing your credit card, as the company's main database was found to be completely uninsured.
The team security team VPNMentor, led by Noam Rotem, published a report on its safety Gearbest. The team found that the site's main database, as well as the site's sibling databases (including Zaful, Rosegal and DressLily) are easily accessible and contain over 1,5 million files.
Some of the accessible information includes emails, account passwords, IP addresses, birthdays, addresses, payment information and full names.
The team was able to connect to two accounts without much effort. The exact content of each customer's orders is also visible. Its data management console Gearbest was also accessible, which meant that hackers could easily manipulate information about the site, disable parts of the company's servers, and even disrupt warehouse operations. Gearbest.
It is safe to say that this kind of data breach is the worst that can happen, and it may be a good idea to take action before using a credit card to make purchases from Gearbest.
So far there is no official response from GearBest to all of the above, and it remains to be seen what steps it will take to correct the security issue that arises.
Note : Generally this is a problem that can exist in many many other On-Line stores and services, and it is best not to make our transactions via credit card but through third party services such as Paypal - Prepaid Cards - Payment Orders etc.
AND ATTENTION !!!!
We never give bank details - cards etc, to pages that do not have a secure connection via https: // but the simple http: //
[the_ad_group id = ”966 ″]ΜDo not forget to join (register) in our forum, which can be done very easily by the following button…
(If you already have an account in our forum you do not need to follow the registration link)
Follow us on Telegram!
