back to article Lone staffer killed our shields, claims etailer Gearbest after infosec bods peep at user deets

Researchers working for VPNMentor have accused Chinese e-commerce site Gearbest of storing user information in "completely unsecured" Elasticsearch databases after discovering "1.5 million records" which they were able to access through a browser. The wholesaler – which mostly shifts electronics and whose parent firm is …

  1. Valeyard

    VPNMentor also went into a little detail about those who had bought sex toys from the site, including a Pakistani man who'd treated himself to three dildos. Highlighting Pakistan's backwards attitude to LGBT rights, VPNMentor said "this information could mean a literal death sentence for this user". ®

    Maybe it was for all the hot lady senoritas he has, playa

    1. Anonymous Coward
      Anonymous Coward

      If you have 4 wives and only 1 of you, then buying 3 makes sense to me....

  2. MiguelC Silver badge

    Gearbest insisted the vuln affected an "external tool" rather than its core databases

    What about the account passwords that got exposed, how were they stored? Plaintext, badly encrypted, properly encrypted?

    I wanted to read some more from VPNmentor's blog, but its security cert isn't reliable....

  3. Anonymous Coward
    Anonymous Coward

    Personally I hate GearBest, so love this story

    They use freight forwarding fraud and get goods into the EU without paying taxes on it; been doing it for years.

    1. ninjakidd

      Re: Personally I hate GearBest, so love this story

      Brilliant, means I don't have to pay stupidly high prices and shipping costs. Don't know what your problem is, unless you work for the Inland revenue of course.

  4. Anonymous Coward
    Anonymous Coward

    I used my credit card on Gearbest 12months ago and a few days ago I had someone charge a small fraudulent transaction to it, a company called "KINTRADE". Luckily the bank caught it but the card is now cancelled. Anyone else had a similar experience?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019