News

Researchers invade ‘unsecured’ customer database Gearbest

By admin
Spread the love

According to VPNMentor researchers, they managed to penetrate various parts of the database of the Chinese online store Gearbest and found data about orders, payments and customers.

The VPNMentor team, led by Israeli security researcher Noam Rotem, was able to access personal details of orders, payments and customer data including passport information and account passwords after the break-in. In total, this involved more than 1.5 million database entries
that the team managed to discover this month. According to the researchers, the Elasticsearch database was not protected and much data such as passwords was not encrypted.

As an example of how bad it is for an online store to expose a database, VPNMentor reports that it could view personal data of buyers of sex toys, who can get into serious trouble in some countries if this becomes known to authorities.

The researchers also got URL access to the Kafka data management system from Gearbest and parent company Globalegrow. This would give attackers the opportunity to disable entire parts of servers. The investigators had given Gearbest several days to respond, but have not yet received a response.

You might also like
News

EU Council determines position on security requirements for digital products

News

Zeeland power grid is full, grid operator stops new requests from major consumers

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Acer also comes with Radeon video card with two different types of fans

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

Rumor: Meta wants to release open source language model LLaMA as a paid product