    E-Commerce Company Gearbest Leaked User Information

    March 15, 2019 (Updated: March 15, 2019)


    Chinese e-commerce company Gearbest has failed to properly secure some of its databases, thus leaking users’ personally identifiable information (PII), VPNMentor’s researchers have discovered. Gearbest has downplayed the impact of the incident, which it has blamed on an error made by a member of its security team.

    Highly successful, Gearbest sells electronics and appliances, clothing, accessories, and homeware. Owned by Chinese conglomerate Globalegrow, the company ships to most countries around the world and operates several internationally successful sites.

    However, one of the company’s databases, an Elasticsearch cluster, and those belonging to its sister companies were found to be completely unsecured, thus allowing potential hackers to access a broad range of data, including orders, payments and invoices, and information on its customers.

    These databases leaked information such as products purchased, shipping address and postcode, and customer name, email address, phone number, order numbers, payment information, IP address, username, address, date of birth, national ID and passport details, and account passwords.

    The security researchers say they were able to access a database containing over 1.5 million records, and that sensitive information such as email addresses and passwords was being stored unencrypted, although the company claims to be properly protecting user data.

    On top of that, much of the information included in the database (such as the IP address) isn’t needed to run an e-commerce store.

    “This is particularly worrying given the current trend towards a more open and honest internet. Service providers across multiple industries strive to increase transparency for their customers. Gearbest’s shady practices do the opposite,” VPNMentor notes.

    The researchers claim that the leaked information allowed them to access Gearbest accounts and make changes to the login information and other data associated with them. Malicious hackers could have abused the data to steal customer identities or perform other operations.

    With customers from all over the world, some of the leaked data, such as the full content of orders, could prove damaging to users in countries with strict laws.

    On top of that, some of the leaked information included URL access to Gearbest’s – and Globalegrow’s – Kafka system, a data management program that allows companies to manage the amount of site data sent through their servers to maintain efficiency and collect big data.

    “This kind of access allows malicious hackers to manipulate information, reassign database properties, and even disable entire sections of the company’s server. Depending on the function of each server, this could disrupt data collection, order placement, and stock and warehouse management,” the researchers say.

    The researchers claim they have repeatedly attempted to contact both Gearbest and Globalegrow to inform them of the unprotected database, but that they received no response by the time they published their research.

    In a statement published after VPNMentor disclosed its findings (complete statement is at the end of the article), Gearbest claimed that only a database associated with external tools used to improve efficiency and prevent data overload was exposed to the Internet for a short period of time, due to an error made by a member of its security team. The company says the number of impacted customers is only around 280,000, representing users who placed orders between March 1 and March 15. The company claims it has taken steps to secure the data and the accounts of affected users.

    “Companies like Gearbest cannot afford to ignore vulnerability reports from external security researchers. […] In Gearbest’s case, a database containing huge swaths of sensitive customer information is critical to the business, and addressing any vulnerabilities in its security should have been highly prioritized. Organizations must adopt advanced security platforms to proactively manage risk and avoid breaches instead of reacting to a security incident after it occurs,” Jonathan Bensen, CISO and senior director of product management at Balbix, told SecurityWeek in an emailed comment.

    “Gearbest’s incident stands out since passport numbers, national ID numbers and full sets of unencrypted data, including email addresses and passwords, were among the exposed information. This data could allow hackers to easily steal Gearbest’s customers’ identities by cross-referencing with other databases, and allow malicious actors access to online government portals, banking apps, health insurance records, and more,” Brian Johnson, CEO and co-founder of DivvyCloud, said.

    “What we’ve seen — and continue to see — is companies are accelerating their use of technologies more than they’re enabling their teams or hiring effective people, and that will be the downfall of utilizing servers like Elasticsearch. The data exposure highlights how modern data repositories have created a fundamental conflict in businesses,” Terry Ray, SVP and Imperva Fellow, commented.

    Ionut Arghire is an international correspondent for SecurityWeek.
