Gearbest data breach: millions of customers data exposed

CrashOne
Joined: 02/18/2014 - 13:29
Posts: 309
Location: The Netherlands
Gearbest data breach: millions of customers data exposed

Just to let you guys know (as many BLF’ers might have ordered from Gearbest and might be a victim):

https://www.reddit.com/r/3Dprinting/comments/b13p8o/gearbest_databases_r...

https://www.vpnmentor.com/blog/gearbest-hack/

Quote:
Our hackers could access different parts of Gearbest’s database, including:

Orders database
Data includes products purchased; shipping address and postcode; customer name; email address; phone number

Payments and invoices database
Data includes order number; payment type; payment information; email address; name; IP address

Members database
Data includes name; address; date of birth; phone number; email address; IP address; national ID and passport information; account passwords

We accessed these databases in March 2019, and discovered 1.5+ million records.

Gearbest’s database isn’t just unsecured. It’s also providing potentially malicious agents with a constantly-updated supply of fresh data.

Best practice for now: Change your password, let’s hope Gearbest gives a reaction to this breach and of course solves the issues they have.

Petr J.
Joined: 05/20/2018 - 10:07
Posts: 271
Location: CZ

Thanks. Password changed.

Pete7874
Joined: 11/23/2011 - 16:47
Posts: 2585
Location: USA

Thanks for the heads-up.

Muto
Joined: 09/04/2012 - 16:42
Posts: 1947
Location: Southeast, PA

Sheet never ends.
Gets old man.

Thank God for Paypal.

After the Apocalypse there will be only 2 things left alive Cockroaches and Keith Richards
..
I used her, she used me
But neither one cared
We were gettin’ our share

mihlit
Joined: 11/08/2018 - 04:50
Posts: 158
Location: Czech Republic

Just curious, why change password now? Breach was announced, but it was not one time leak but a report that database access is not secured. I can’t see any response from gearbest that problem was investigated and fixed. In that case, they got your old password and if you change it, they can get your new password too.

Reason to change password now would be if you’ve used the same password somewhere else, which you should never do anyway.

You will have to change the gearbest password (again) after gearbest fixes the problem (if that happens)

rost333
Joined: 08/08/2018 - 10:01
Posts: 194

You can check if your email’s password is hacked here: https://haveibeenpwned.com/

ChibiM
Joined: 05/09/2011 - 10:25
Posts: 6051
Location: Holland/Japan

thanks for sharing.. changed my PW

tundraotto
Joined: 10/12/2018 - 13:38
Posts: 119
Location: United States

mihlit wrote:
Just curious, why change password now? Breach was announced, but it was not one time leak but a report that database access is not secured. I can’t see any response from gearbest that problem was investigated and fixed. In that case, they got your old password and if you change it, they can get your new password too.

Reason to change password now would be if you’ve used the same password somewhere else, which you should never do anyway.

You will have to change the gearbest password (again) after gearbest fixes the problem (if that happens)

^^^This

Changing your password doesn’t fix anything.

sp5it
Joined: 12/25/2012 - 07:51
Posts: 790
Location: Poland

I’m changing passwords every month and suggest you do the same.
Mike

Think of how stupid the average person is, and realize half of them are stupider than that. George Carlin

 Anyone offended by my signature please fill Complaint Form. Thank you.

Joshk
Joined: 09/09/2015 - 12:12
Posts: 1191
Location: USA

Muto wrote:
Sheet never ends.
Gets old man.

Thank God for Paypal.


I know.
And then if you used Paypal your home address and email address are still stolen…

RobertB
Joined: 12/18/2015 - 17:49
Posts: 3182
Location: USA, Michigan

Quote:
Gearbest’s database isn’t just unsecured. It’s also providing potentially malicious agents with a constantly-updated supply of fresh data.

So what good does it do to change your password if the hackers can get in any time they want? I just went in and updated all my personal info to bogus info, and will just never shop there again. Would delete my account, but don’t see a way to do it. I use paypal, so at least they don’t have any financial info

CrashOne
Joined: 02/18/2014 - 13:29
Posts: 309
Location: The Netherlands

mihlit wrote:
Just curious, why change password now? Breach was announced, but it was not one time leak but a report that database access is not secured. I can’t see any response from gearbest that problem was investigated and fixed. In that case, they got your old password and if you change it, they can get your new password too.

Reason to change password now would be if you’ve used the same password somewhere else, which you should never do anyway.

You will have to change the gearbest password (again) after gearbest fixes the problem (if that happens)

This is just good practice, mainly because if they had access, anybody could have had access. Changing your password is the least you can do, it prevents people from accessing your Gearbest account. Next to that, if you use the same password for multiple websites, change it everywhere to a unique one for each website.

And you’re right, in the future you might want to change your password again if they fix the problem.

WalkIntoTheLight
Joined: 12/05/2015 - 10:26
Posts: 1793
Location: Canada

I just assume that when I give info to a Chinese company, all my data is “hacked”.

RobertB
Joined: 12/18/2015 - 17:49
Posts: 3182
Location: USA, Michigan

Here’s info about Gearbest basically denying they were hacked over a year ago. Apparently, nothing has changed with that company.

https://www.androidauthority.com/gearbest-email-password-hack-leak-breac...

lampliter
Joined: 07/31/2017 - 16:06
Posts: 122
Location: Paradise

My data is so fubared that even the hackers are confused Hat

Out of clutter find simplicity---Einstein

M4D M4X
Joined: 03/19/2014 - 05:17
Posts: 7245
Location: Austria (GMT + 1)

thanks M8

PW changed

desmondkun
Joined: 12/11/2016 - 14:51
Posts: 332
Location: Thailand

PW changed

It’s all I can do for now. Facepalm

Take care of your flashlight and your flashlight will take care of you.

TheOnlyDocc
Joined: 06/26/2015 - 05:17
Posts: 796
Location: Mönchengladbach /Germany

Interesting to read that Zaful, Rosegal, DressLily and Gearbest are having the same parent company (Globalegrow). And if you believe what’s written on vpnMentor they all have the same security problem.
Changing the password is useless unless they fix the breach. Only if you use your GB, Rosegal, DressLily... password also on other sites (like your e-mail acc...) it is useful to change the password (for your e-mail...).

New LuckySun D80 looking good so far http://budgetlightforum.com/node/66255

Couchmaster
Joined: 05/04/2016 - 17:11
Posts: 158
Location: USA

This explains why Google sent me a “your gmail account may have been breached” or “Was this you” statement yesterday. Changed my email password.

flightless22
Joined: 11/19/2018 - 12:07
Posts: 98
Location: California

I kind of figured they would be lax on security. My purchase history is rather boring. But on the bright side of these high volume data leaks is your information will have to be sifted through millions of other people’s data, that is unless you’re a specific target.

G0OSE
Joined: 09/03/2014 - 12:34
Posts: 682
Location: uk

I think, instead of welcoming Gearbest on this site with open arms – they should now be banned. End of.
Yes I like cheap lights, but not at the expense of giving away my personal data.
I would love to read any arguments for them to carry on ‘business as usual’ on this site.
After reading those articles they should not be on here.

wolfdog1226
Joined: 10/09/2013 - 20:47
Posts: 2120
Location: Acquasanta,Italia/ Valley Forge, Pa. USA

G0OSE wrote:
I think, instead of welcoming Gearbest on this site with open arms – they should now be banned. End of.
Yes I like cheap lights, but not at the expense of giving away my personal data.
I would love to read any arguments for them to carry on ‘business as usual’ on this site.
After reading those articles they should not be on here.

I agree.

I have not bought anything from them in 2 years. Should I be Concerned?

I guess they still have my info?

Solitude breeds contemplation which creates clarity. 

Environment molds a person. Perseverance changes them. 

                                                                   WOLFDOG 

Firelight2
Joined: 04/08/2011 - 15:17
Posts: 3487
Location: California

mihlit wrote:
Just curious, why change password now? Breach was announced, but it was not one time leak but a report that database access is not secured. I can’t see any response from gearbest that problem was investigated and fixed. In that case, they got your old password and if you change it, they can get your new password too.

Reason to change password now would be if you’ve used the same password somewhere else, which you should never do anyway.

You will have to change the gearbest password (again) after gearbest fixes the problem (if that happens)

Better safe than sorry. Changing the password now may or may not help, but it certainly shouldn’t hurt even if it means we need to change it again in a few weeks.

Joshk
Joined: 09/09/2015 - 12:12
Posts: 1191
Location: USA

Sadly, there are no consequences for the vendors that carelessly handle your data. So these things just happen again, and again, and again…

flightless22
Joined: 11/19/2018 - 12:07
Posts: 98
Location: California

Joshk wrote:
Sadly, there are no consequences for the vendors that carelessly handle your data. So these things just happen again, and again, and again…

Equifax comes to mind. Angry

G0OSE
Joined: 09/03/2014 - 12:34
Posts: 682
Location: uk

wolfdog1226 wrote:
G0OSE wrote:
I think, instead of welcoming Gearbest on this site with open arms – they should now be banned. End of.
Yes I like cheap lights, but not at the expense of giving away my personal data.
I would love to read any arguments for them to carry on ‘business as usual’ on this site.
After reading those articles they should not be on here.

I agree.

I have not bought anything from them in 2 years. Should I be Concerned?

I guess they still have my info?

They do, and so do the hackers, in fact, after reading that link given above – ANYONE can do it.
There are even youtube videos showing you how to.
The only way to send these idiots with no care or thought for your personal details (this has gone on again and again, and again) a message is to completely cut them out, like a wart – it’s the only thing that will change their ways.
We all see on here how little respect for the customer Gearbest has – let’s be clear about this – all they want is your money at ANY cost.
From what I’ve read and has been echoed above they don’t even need your password (the hackers) – that is they are getting in without it! The door is still open too apparently and has been for quite a while – from what I’ve read it’s the app that has allowed this – they knew about it and did nothing. They don’t even have the decency to admit it and warn their customers – in fact they deny it.

matik42
Joined: 06/03/2016 - 15:53
Posts: 98
Location: Estonia

Change your password not in gearbest but any site where you reused same password
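
The reuse check several posters recommend can be run against a password-manager export. The script below is an added example, not code from any poster in this thread: it lists every other entry that shares a password with the breached site. The CSV column names and all sample entries are constructed assumptions.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample; the column names (name,url,username,password) are an
# assumed generic password-manager CSV layout, not any specific product's.
SAMPLE_EXPORT = """name,url,username,password
Gearbest,https://www.gearbest.com/login,jc@example.com,Torch-2019!
Webmail,https://mail.example.com,jc@example.com,Torch-2019!
Forum,https://forum.example.org,jcollins,Torch-2019!
Lookalike,https://gearbest.com.example.org,jc@example.com,x9!Kq2-unrelated
Bank,https://bank.example.net,jc@example.com,q7#Vd9-pL2x!mR4z
"""


def on_domain(url, domain):
    """True if the URL's host is the domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def find_reuse(export_text, breached_domain):
    """List (entry name, username) for other sites sharing the breached site's password."""
    key = secrets.token_bytes(32)  # per-run key: the tags are useless outside this process
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        tag = hmac.new(key, row["password"].encode("utf-8"), hashlib.sha256).digest()
        # Keep only the tag and entry metadata, not the plaintext password.
        groups[tag].append((row["name"], row["url"], row["username"]))
    to_change = []
    for entries in groups.values():
        if any(on_domain(url, breached_domain) for _, url, _ in entries):
            to_change += [(name, user) for name, url, user in entries
                          if not on_domain(url, breached_domain)]
    return sorted(to_change)


if __name__ == "__main__":
    for name, user in find_reuse(SAMPLE_EXPORT, "gearbest.com"):
        print(f"change password: {name} ({user})")
```

Matching on the parsed hostname rather than a substring keeps a lookalike host such as the constructed `gearbest.com.example.org` entry from being treated as the breached site.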

Joshk
Joined: 09/09/2015 - 12:12
Posts: 1191
Location: USA

Here’s a quick checklist to regain your privacy:
Change your email address
Setup unique passwords for all sites that used the Gearbest password
Change your name (the one your mother gave you is compromised)
Change your address (aka, move across town)
Get your credit card number changed.

Yea, that should about do it. No biggie. Tired

alchemi
Joined: 09/01/2018 - 05:55
Posts: 80
Location: London, UK

Thanks for warning. Password changed —- but be warned they only accept 32 character length, so if you are using a password program to generate long passwords set it to 32 char

G0OSE
Joined: 09/03/2014 - 12:34
Posts: 682
Location: uk

alchemi wrote:
Thanks for warning. Password changed —- but be warned they only accept 32 character length, so if you are using a password program to generate long passwords set it to 32 char

The password length has no relevance in this case (on Gearbest), they are getting in without it and then finding it out.

If anyone uses the same password on more than 1 site these days, one could say they deserve to be hacked…… that is about as lazy and slack as it gets. I bet some even use words……worse still memorable dates then put these dates in usernames or on facehack. Facepalm
Just for those who don’t know, your passwords should look something like this – ./oo%uyhnjTYJQ1345556!&*mjfp NOT CollinsJohn1963… especially when the username is JohnCollins63 (sorry I don’t mean to be condescending, but some people really ARE that silly/just don’t know)

G0OSE
Joined: 09/03/2014 - 12:34
Posts: 682
Location: uk

WOW it really does show how crap their site is when you change ALL your details, and I mean everything…. and then you can login with your old email address! Really, just about sums it up!
