Gearbest data breach: millions of customers data exposed

teacher · March 16, 2019, 1:31am

G0OSE:

Both lol but it’s really pointless since they are accessing the databases, not hacking in to individual accounts - they can literally watch you change it then steal it again (or change it lol) , although I filled out all my details on Gearbest with something other than mine. Teacher, for goodness sake don’t check out to see if your password/s is safe (it may scare you is all) , I just checked some basic ones from like 2 decades ago and they have been royally hacked! worrying, but not overly . Have I Been Pwned: Pwned Passwords
It’s fast becoming very clear to me, the more info companies ‘require’ to make us safe is for sure making us all LESS safe, by quite a big margin. ‘We need your phone number to confirm it’s you’ - fair enough - but DON’T keep it on your systems. I don’t know if any of you have ever tried to remove your details from somewhere you’ve shopped? in my experience they refuse point blank, then quote you a million reasons why you can’t be removed, even if you close an account.

I wouldn’t worry to much about hackers having your email, home address and name/age - you can get all that info without any hacking lol! you can literally buy it legally.

One of the best ways to stay safe, card wise, is to effectively ‘lose’ it every year. They will send you a nice new one with different numbers. a bit of hassle for a few hours whilst you update everything, but works out safer.

Thanks GOOSE, I’ll just remain ’blissfully ignorant’ as far as checking passwords to see if they are “safe” then.
My ole’ heart might not be able to take the excitement/scare……

Joshk · March 16, 2019, 1:32am

Changing your password on Gearbest just gives the hackers both passwords. The old and the new.

teacher · March 16, 2019, 1:39am

Hmmm… good for me! I guess I read that part right then when reading about the GB Breach HERE.

I have changed nothing at this point.

BlueSwordM · March 16, 2019, 1:42am

Luckily, I’m using different types of passwords for different types of accounts.

Lightbringer · March 16, 2019, 1:52am

Interesting. I just got a “payment declined, check with your bank” notice from amazon. Sure enough, card was blocked after fraudwatch caught (impressively, I might add) all but 1 of around 30 bogus charges. Getting a new acct/number now.

Might just take that advice to “lose” the card each year or so.

neBstress · March 16, 2019, 11:45am

I received this email from Gearbest, possibly regarding this very issue.

The_Last_Katun · March 16, 2019, 12:38pm

The information Gearbest has about me is the same information you can read in the phone book of my country; so I’m not worried; Gearbest has no numbers on my card; the email is different from the one I use for Paypal; my phone is in the clear, but nobody can call me (the number is true, but I only allowed it to make calls, not to receive them); for web transaction security I use another phone number.
Anyway, it’s a problem I hope they’ll solve soon.

jon_slider · March 16, 2019, 5:29pm

at my request, Gearbest has deleted my account
I may choose to make another one in the future, if I need anything from them
I would simply use a new password that would be unique to Gearbest, since I understand the info is not secure.

thisnameisvalid · March 16, 2019, 6:20pm

I haven’t bought any lights off Gearbest yet. I almost did a couple weeks ago to get a H03, but found somewhere else. Lucky me!

I don’t really trust foreign online retailers at all to be honest. I don’t think I’ll ever convince myself to actually add my card to any online store, so thank god for PayPal (regardless of its flaws). No paypal = no purchase.

wolfdog1226 · March 16, 2019, 6:41pm

“IF” this is TRUE,I have nothing to worry about.

I originally though my last purchase was April of 2017,then I looked at my records again and my last purchase from them was 2 X Shockli 26650 last August 2018.

chesterqw · March 17, 2019, 12:19pm

I remember they were breached in either 16, 17, or 18.

which was why I gave up buying from gearbest; IIRC the passwords were stored in plaintext, but I could have remembered wrongly.

CrashOne · March 17, 2019, 12:43pm

I remember the same thing @chesterqw.

Gearbest made this post on FB regarding the data breach:

I think they’re not being completely open/honest about this. I don’t think they can just blame this on a firewall. Passwords are still being stored plaintext, how else could they be visible if a database was accessed?

slmjim · March 17, 2019, 3:13pm

"Quote: Our hackers could access different parts of Gearbest’s database, including: ...Members database Data includes name; address; date of birth; phone number; email address; IP address; national ID and passport information..."

Whyinnahell would GB want or need passport info?

slmjim

teacher · March 17, 2019, 3:22pm

Better yet, why would anyone give GB Passport information??

neBstress · March 17, 2019, 4:41pm

For 20 GB points!

Well worth it, a bargain!!

WalkIntoTheLight · March 17, 2019, 5:55pm

Damn… am I stupid for sending them the nude pics of me they asked for?

hank · March 17, 2019, 6:10pm

> national ID

Don’t forget China’s social credit scoring system. Hacking that could do some real damage.

EDCba · March 18, 2019, 1:41pm

Yeah, what? They’re storing password in plaintext?

EDCba · March 20, 2019, 6:13am

Hmm, if gb doesn’t want to delete your account, but anyone has access to their databases…

AgentSteel · March 20, 2019, 8:38pm

Bad news…

Yep. Never use the same password on different websites.

I like to generate random, long complicated passwords using various utilities, like ‘pwgen’ on Linux. (I would avoid online password generators, you never know… if they get breached )

Sort of one time password, just for a session. Then reQuest a password change the next time you need to login.