Gearbest data breach: millions of customers data exposed

The_Last_Katun · 2019-03-16T12:38:21.000Z

The information Gearbest has about me is the same information you can read in the phone book of my country; so I’m not worried; Gearbest has no numbers on my card; the email is different from the one I use for Paypal; my phone is in the clear, but nobody can call me (the number is true, but I only allowed it to make calls, not to receive them); for web transaction security I use another phone number.
Anyway, it’s a problem I hope they’ll solve soon.

jon_slider · 2019-03-16T17:29:39.000Z

at my request, Gearbest has deleted my account
I may choose to make another one in the future, if I need anything from them
I would simply use a new password that would be unique to Gearbest, since I understand the info is not secure.

thisnameisvalid · 2019-03-16T18:20:25.000Z

I haven’t bought any lights off Gearbest yet. I almost did a couple weeks ago to get a H03, but found somewhere else. Lucky me!

I don’t really trust foreign online retailers at all to be honest. I don’t think I’ll ever convince myself to actually add my card to any online store, so thank god for PayPal (regardless of its flaws). No paypal = no purchase.

wolfdog1226 · 2019-03-16T18:41:14.000Z

neBstress:

I received this email from Gearbest, possibly regarding this very issue.

“IF” this is TRUE,I have nothing to worry about.

I originally though my last purchase was April of 2017,then I looked at my records again and my last purchase from them was 2 X Shockli 26650 last August 2018.

chesterqw · 2019-03-17T12:19:47.000Z

I remember they were breached in either 16, 17, or 18.

which was why I gave up buying from gearbest; IIRC the passwords were stored in plaintext, but I could have remembered wrongly.

CrashOne · 2019-03-17T12:43:34.000Z

I remember the same thing @chesterqw.

Gearbest made this post on FB regarding the data breach:

Facebook

Log into Facebook

Log into Facebook to start sharing and connecting with your friends, family, and people you know.

I think they’re not being completely open/honest about this. I don’t think they can just blame this on a firewall. Passwords are still being stored plaintext, how else could they be visible if a database was accessed?

slmjim · 2019-03-17T15:13:59.000Z

"Quote: Our hackers could access different parts of Gearbest’s database, including: ...Members database Data includes name; address; date of birth; phone number; email address; IP address; national ID and passport information..."

Whyinnahell would GB want or need passport info?

slmjim

teacher · 2019-03-17T15:22:19.000Z

slmjim:

“Quote: Our hackers could access different parts of Gearbest’s database, including: …Members database Data includes name; address; date of birth; phone number; email address; IP address; national ID and passport information…”

Whyinnahell would GB want or need passport info?

slmjim

Better yet, why would anyone give GB Passport information??

neBstress · 2019-03-17T16:41:27.000Z

teacher:

Better yet, why would anyone give GB Passport information??

For 20 GB points!

Well worth it, a bargain!!

WalkIntoTheLight · 2019-03-17T17:55:44.000Z

neBstress:

teacher:

Better yet, why would anyone give GB Passport information??

For 20 GB points!

Well worth it, a bargain!!

Damn… am I stupid for sending them the nude pics of me they asked for?

hank · 2019-03-17T18:10:57.000Z

> national ID

Don’t forget China’s social credit scoring system. Hacking that could do some real damage.

Business Insider

China's 'social credit' system ranks citizens and punishes them with...

Chinese people are being introduced to a program that monitors their behavior, scores them, and doles out punishments and rewards.

EDCba · 2019-03-18T13:41:19.000Z

CrashOne:

I remember the same thing @chesterqw.

Gearbest made this post on FB regarding the data breach:

Redirecting...

I think they’re not being completely open/honest about this. I don’t think they can just blame this on a firewall. Passwords are still being stored plaintext, how else could they be visible if a database was accessed?

Yeah, what? They’re storing password in plaintext?

EDCba · 2019-03-20T06:13:50.000Z

Hmm, if gb doesn’t want to delete your account, but anyone has access to their databases…

AgentSteel · 2019-03-20T20:38:12.000Z

Bad news…

Yep. Never use the same password on different websites.

I like to generate random, long complicated passwords using various utilities, like ‘pwgen’ on Linux. (I would avoid online password generators, you never know… if they get breached )

Sort of one time password, just for a session. Then reQuest a password change the next time you need to login.

G0OSE · 2019-03-20T21:39:28.000Z

AgentSteel:

Bad news…

Yep. Never use the same password on different websites.

I like to generate random, long complicated passwords using various utilities, like ‘pwgen’ on Linux. (I would avoid online password generators, you never know… if they get breached :smiling_imp: )

Sort of one time password, just for a session. Then reQuest a password change the next time you need to login.

Exactly - who needs a password generator anyway? just close your eyes and go for it! fpbgrdfgpbfpasrjajrstabrs9ju0-9!~~]ifp][egpwjg~~ there you go! OOPS! I’ll have to change that now lol!

Lightbringer · 2019-03-20T22:26:56.000Z

Maybe I shouldn’t “broadcast” my GB password, but…

Macka17 · 2019-03-21T02:11:39.000Z

Mine is my First wedding date back in ’63.
with a few squiggles and numbers intermingled.
A REAL secure security prog is very important too.
Everything on this and wife’s comp’s
go through a prog my Bank Manager put me onto 12 yrs ago.

Good enuff for me. My Bank’s group operate under it.

Have NEVER had any intrusions or blue screens since.
Plus it locks out anything it thinks naughty and notifies me
keep or delete.
From OUTSIDE my system. Including any Passwords
NOT from this IP addy.

The_Driver1 · 2019-03-21T12:01:12.000Z

Macka17:

Mine is my First wedding date back in ’63.
with a few squiggles and numbers intermingled.
A REAL secure security prog is very important too.
Everything on this and wife’s comp’s
go through a prog my Bank Manager put me onto 12 yrs ago.

Good enuff for me. My Bank’s group operate under it.

Have NEVER had any intrusions or blue screens since.
Plus it locks out anything it thinks naughty and notifies me
keep or delete.
From OUTSIDE my system. Including any Passwords
NOT from this IP addy.

Which program?

EDCba · 2019-03-25T02:24:47.000Z

To their credit, they deleted my account after asking.

mmalive · 2019-03-28T22:21:27.000Z

Yeah, reason I pay with Paypal exclusively. No chance of any credit card information compromised.