Gearbest: Leak in customer database affected 280,000 customers

Gearbest has publicly apologized for the recently noted leak in a server that stored customer data. The Chinese web store also indicated that the leak has now been fixed, and that data from about 280,000 customers has been read.

The Chinese online store explained in a statement that was posted on the company’s Facebook page, among other things. After VPNMentor researchers stated on Friday that they had penetrated a customer database, an immediate investigation was carried out and the leak was said to have been fixed after two hours.

According to Gearbest, the security researchers hacked into a remote server where customer data is temporarily stored for efficiency. The data on the relevant server is deleted three days after saving, leaving a relatively small amount of data on it. Still, 280,000 customers have been affected by the server intrusion.

Customers who placed an order on Gearbest between March 1 and March 15 may have been exposed to the security researchers. Customers who have been involved with the hack will receive a personal message, and in addition, the web store, in addition to apologies, indicates that it is taking measures to prevent such security vulnerabilities in the future.

The VPNMentor researchers themselves state that in addition to access to customer data, they also received URL access to the Kafka data management system of Gearbest and parent company Globalegrow. This would give attackers the opportunity to disable entire parts of servers.