Gearbest data breach: millions of customers data exposed

Sadly, there are no consequences for the vendors that carelessly handle your data. So these things just happen again, and again, and again…

Equifax comes to mind. :rage:

They do, and so does the hackers, in fact, after reading that link given above - ANYONE can do it.
There are even youtube videos showing you how to.
The only way to send these idiots with no care or thought for your personal details (this has gone on again and again, and again) a message is to completely cut them out, like a wart - it’s the only thing that will change their ways.
We all see on here how little respect for the customer Gearbest has - let’s be clear about this - all they want is your money at ANY cost.
From what I’ve read and has been echoed above they don’t even need your password (the hackers) - that is they are getting in without it! The door is still open too apparently and has been for quite a while - from what I’ve read it’s the app that has allowed this - they knew about it and did nothing. They don’t even have the decency to admit it and warn their customers - in fact they deny it.

Change your password not in gearbest but any site where you reused same password

Here’s a quick checklist to regain your privacy:
Change your email address
Setup unique passwords for all sites that used the Gearbest password
Change your name (the one your mother gave you is compromised)
Change your address (aka, move across town)
Get your credit card number changed.

Yea, that should about do it. No biggie. :weary:

Thanks for warning. Password changed —- but be warned they only accept 32 character length, so if you are using a password program to generate long passwords set it to 32 char

The password length has no relevance in this case (on Gearbest), they are getting in without it and then finding it out.

If anyone uses the same password on more than 1 site these days, one could say they deserve to be hacked…… that is about as lazy and slack as it gets. I bet some even use words……worse still memorable dates then put these dates in usernames or on facehack. :person_facepalming:
Just for those who don’t know, your passwords should look something like this - ./oo%uyhnjTYJQ1345556!&*mjfp NOT CollinsJohn1963… especially when the username is JohnCollins63 (sorry I don’t mean to be condescending, but some people really ARE that silly/just don’t know)

WOW it really does show how crap their site is when you change ALL your details, and I mean everything…. and then you can login with your old email address! Really, just about sums it up!

The Eqiifax breach was way more serious than this. And they were arrogant about it to add insult to injury. The hackers are sitting on this treasure trove of info and using it as they see fit. One year later one of my credit cards is used to buy a time share in the Philippines. Who knows what is next. Social Security #s , everything.

Thanks for sharing, changed PW.

Changed my password.

I’m not sure that is correct? Yes, it means your email address has been shared/published, but so far as I know it doesn’t mean your password has been hacked? of course I may well be wrong. (please let me know if you know different)
Yes the hackers of Gearbest may have your email address and GEARBEST password, but surely not your email password since I have never put that on there?

’What is a “breach” and where has the data come from?

A “breach” is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. HIBP aggregates breaches and enables people to assess where their personal data has been exposed.
Are user passwords stored in this site?

When email addresses from a data breach are loaded into the site, no corresponding passwords are loaded with them. Separately to the pwned address search feature, the Pwned Passwords service allows you to check if an individual password has previously been seen in a data breach. No password is stored next to any personally identifiable data (such as an email address) and every password is SHA-1 hashed (read why SHA-1 was chosen in the Pwned Passwords launch blog post.) ’

There is another page for checking Passwords

Which ‘password’ are you all changing??

  • Your GearBest account password ’OR’ your email password??

Both lol but it’s really pointless since they are accessing the databases, not hacking in to individual accounts - they can literally watch you change it then steal it again (or change it lol) , although I filled out all my details on Gearbest with something other than mine. Teacher, for goodness sake don’t check out to see if your password/s is safe (it may scare you is all) , I just checked some basic ones from like 2 decades ago and they have been royally hacked! worrying, but not overly . Have I Been Pwned: Pwned Passwords
It’s fast becoming very clear to me, the more info companies ‘require’ to make us safe is for sure making us all LESS safe, by quite a big margin. ‘We need your phone number to confirm it’s you’ - fair enough - but DON’T keep it on your systems. I don’t know if any of you have ever tried to remove your details from somewhere you’ve shopped? in my experience they refuse point blank, then quote you a million reasons why you can’t be removed, even if you close an account.

I wouldn’t worry to much about hackers having your email, home address and name/age - you can get all that info without any hacking lol! you can literally buy it legally.

One of the best ways to stay safe, card wise, is to effectively ‘lose’ it every year. They will send you a nice new one with different numbers. :wink: a bit of hassle for a few hours whilst you update everything, but works out safer.

changing the password on Gearbest does not help, if that password is also being used on other sites

in fact, if you change to another password, that you use on other sites

then you just gave away another password

what needs to be done:

IF gearbest had, or has, the same password you use anywhere else

change the password on those other sites

What did the hackers gain? Anyone is missing any points?
They made my points expire to soon. :frowning:

Thanks password changed

Thanks GOOSE, I’ll just remain ’blissfully ignorant’ as far as checking passwords to see if they are “safe” then. :smiley:
My ole’ heart might not be able to take the excitement/scare…… :smiley:

Changing your password on Gearbest just gives the hackers both passwords. The old and the new.

Hmmm… good for me! I guess I read that part right then when reading about the GB Breach HERE.

I have changed nothing at this point. :wink: