**potential** data breach @ Gearbest??

I’m on mobile the rest of the evening… researching this is too cumbersome at the moment. It just seems too important to not share.

https://www.reddit.com/r/flashlight/comments/7l9nx5/psa_gearbest_customer_details_including_passwords/

for u :+1:

For GB :person_facepalming:

Good stuff - thanks for the Heads-up!!

Changing password for that place (all sites naturally have a different one).

Can’t think of anything else to do than change it…

You could look into setting up a password manager like Lastpass. They can automatically generate random, unique passwords for each site, and automatically fill them in. This lets you have a different password for every site, and each password can be stronger, because you don’t have to worry about remembering them.

LastPass has a browser extension, as well as an app for your phone, and can sync passwords between them. There are other choices as well, but the syncing feature is why I’m using it.

This is bad.
Other forums and the main source have uploaded actual accounts and… they work. You can just copy/paste the u:p and log onto another Gearbest account. Really, really bad.

No clue whether this was only a portion or the entire leak… but it seems weird to have only a few accounts. I bet someone got thousands of live accounts with full addresses, GB points, wallet credit, emails, passwords, etc.

edit:
If anybody here is concerned, some report the data might come from an insecure API for the Gearbest app. You should change your email/password if you are using it.

I have read that the Gearbest App API had a security hole whereby any account can be compromised, whether that person uses the app or not. This flaw existed for several months. Therefore I expect the pastebin is just the tip of the iceberg…maybe a hacker who is selling millions of account details posting ‘proof’ of a few hundred.

I am very unimpressed with Gearbest’s response. They were informed at least a week ago.

Wow, this is bad… I’m worried :frowning:

Just thought about my response; all other forums also say nothing was done to address this. With no fix in place, even changing user:pass wouldn’t help?

Scary stuff. Just changed my password with LastPass’s secure password generator.

Until they fix the flaw, changing user:pass will not prevent a hacker getting into your account again.

Have they fixed the flaw yet? I don’t know. That’s why their lack of communication is troubling. I want them to acknowledge the hack and explain what steps they have taken to fix their system and improve their security in the future.

Yeah this is posted on a number of sites. Looks like I’m changing a number of passwords. fun fun fun

Brutal! Not happy.

Wow, just changed my password for my crx@yahoo.com account from Irffgg5ry6777gffh*hgcde411 to Irffgg5ry6777gffh*hgcde412.
Nice & secure again :smiley: :+1:

This is why I have completely different passwords for each site.

Dear Valued Customers,

We kindly bring your attention to the fact that some unidentified hackers gained large amounts of personal data from other websites and are trying to use this data to deceptively sign into Gearbest.
Immediately after identifying this irregularity, we have frozen a few hundred affected accounts and updated our IT system for suspicious IPs. The situation is completely under control.

However, for your personal account security, we kindly recommend that you change your password if you feel that it is too simple (passwords with a combination of letters, numbers and symbols are considered to be more complex). At the same time, we also recommend that you do not use the same email address and password on different websites.

We will always be 100% committed to maintaining our website as a safe and reliable place for your guaranteed shopping experience.

If you have any queries or may need any assistance, please contact our Support Team.

Yours Sincerely

Gearbest.com

I don’t keep my passwords in my head; they are “written down” securely enough for my needs.
Best way for my needs: with one password I can access my list from anywhere, on any platform with net. No applications installed, or updated, or not working on just THIS phone etc. etc.; tired of that.

Yes, there are letters, yes, there are numbers, upper case and symbols. Yes, every site has a different one.

Here is the list of the hacked passwords:

https://13639-presscdn-0-80-pagely.netdna-ssl.com/wp-content/uploads/2017/12/Top-100-Worst-Passwords-of-2017a.pdf

No capital letters? That’s not exactly a secure password… :stuck_out_tongue:

Actually, the capital letter won’t help much; adding 1 more character is more helpful.
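The two pieces of advice in this thread, a password manager generating a unique random password per site (the LastPass suggestion earlier) and "one more character beats a capital letter" (the post just above), both come down to the same arithmetic: a uniformly random password of length n over an alphabet of size k has n·log2(k) bits of entropy. The script below is an added example, not code from the original thread or from Gearbest or LastPass; it uses Python's standard `secrets` module as a stand-in for a password manager's generator and computes how many bits each option adds. It also goes slightly beyond the post: the extra character always adds log2(26) ≈ 4.7 bits, while mixing case adds one bit per position, so the break-even point is a password of 5 characters; above that, mixed case adds more. The site names are constructed.

```python
import math
import secrets
import string

# Character classes used in the comparison below.
LOWER = string.ascii_lowercase                                      # 26 symbols
MIXED = string.ascii_letters                                        # 52 symbols
FULL = string.ascii_letters + string.digits + string.punctuation    # 94 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a password drawn uniformly at random: length * log2(alphabet).

    This figure only applies to generated passwords. A human-chosen password
    (a word plus a digit, a keyboard pattern) is far weaker than this suggests,
    which is why dictionary-style lists such as the 'top 100 worst passwords'
    fall so quickly.
    """
    return length * math.log2(alphabet_size)


def gain_from_extra_char(length: int) -> float:
    """Bits gained by appending one more lowercase character (always log2(26) ~ 4.7)."""
    return entropy_bits(len(LOWER), length + 1) - entropy_bits(len(LOWER), length)


def gain_from_mixed_case(length: int) -> float:
    """Bits gained by allowing upper and lower case at every position (one bit per position)."""
    return entropy_bits(len(MIXED), length) - entropy_bits(len(LOWER), length)


def better_option(length: int) -> str:
    """Which change adds more entropy to a random lowercase password of this length?"""
    if gain_from_extra_char(length) > gain_from_mixed_case(length):
        return "extra_char"
    return "mixed_case"


def generate_password(length: int = 20, alphabet: str = FULL) -> str:
    """Generate a password the way a manager does: CSPRNG, uniform over the alphabet.

    secrets.choice is backed by the OS random source; random.choice is not
    suitable for this purpose.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def site_passwords(sites, length: int = 20) -> dict:
    """One independent random password per site.

    Credential-stuffing, which Gearbest's statement describes (data 'from other
    websites' replayed against its login), only works when the same password is
    reused, so a per-site secret contains a breach to the breached site.
    """
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    for n in (4, 5, 8, 12):
        print(f"length {n:2d}: +1 char = {gain_from_extra_char(n):.1f} bits, "
              f"mixed case = {gain_from_mixed_case(n):.1f} bits -> {better_option(n)}")
    # Constructed site list; the passwords are freshly generated on every run.
    for site, pw in site_passwords(["gearbest.example", "forum.example"]).items():
        print(f"{site}: {pw}  ({entropy_bits(len(FULL), len(pw)):.0f} bits)")
```

Run it and the table shows the crossover: at 4 characters the extra letter wins, from 5 characters on the case mix wins, and a 20-character password from the full 94-symbol set lands around 131 bits, which is the real argument for letting a manager pick the password rather than hand-tuning it.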

My password is down to number 36 this year. Any hints on how to improve my ranking for next year?