Thanks GOOSE, I’ll just remain ’blissfully ignorant’ as far as checking passwords to see if they are “safe” then.
My ole’ heart might not be able to take the excitement/scare……
Interesting. I just got a “payment declined, check with your bank” notice from amazon. Sure enough, card was blocked after fraudwatch caught (impressively, I might add) all but 1 of around 30 bogus charges. Getting a new acct/number now.
Might just take that advice to “lose” the card each year or so.
The information Gearbest has about me is the same information you can read in the phone book of my country; so I’m not worried; Gearbest has no numbers on my card; the email is different from the one I use for Paypal; my phone is in the clear, but nobody can call me (the number is true, but I only allowed it to make calls, not to receive them); for web transaction security I use another phone number.
Anyway, it’s a problem I hope they’ll solve soon.
at my request, Gearbest has deleted my account
I may choose to make another one in the future, if I need anything from them
I would simply use a new password that would be unique to Gearbest, since I understand the info is not secure.
I haven’t bought any lights off Gearbest yet. I almost did a couple weeks ago to get a H03, but found somewhere else. Lucky me!
I don’t really trust foreign online retailers at all to be honest. I don’t think I’ll ever convince myself to actually add my card to any online store, so thank god for PayPal (regardless of its flaws). No paypal = no purchase.
I originally though my last purchase was April of 2017,then I looked at my records again and my last purchase from them was 2 X Shockli 26650 last August 2018.
Gearbest made this post on FB regarding the data breach:
I think they’re not being completely open/honest about this. I don’t think they can just blame this on a firewall. Passwords are still being stored plaintext, how else could they be visible if a database was accessed?
"Quote: Our hackers could access different parts of Gearbest’s database, including: ...Members database Data includes name; address; date of birth; phone number; email address; IP address; national ID and passport information..."
Yep. Never use the same password on different websites.
I like to generate random, long complicated passwords using various utilities, like ‘pwgen’ on Linux. (I would avoid online password generators, you never know… if they get breached )
Sort of one time password, just for a session. Then reQuest a password change the next time you need to login.