Just saw it over reddit , and I'm bit concerned about this ..
https://www.reddit.com/r/technology/comments/7kops5/gearbest…
Mod: Pastebin link removed. Users can check their email address at https://haveibeenpwned.com/ to see if their details have been leaked.
Paste title Date Emails
x70 gearbest 19 Jun 2017, 23:24 115
So you thought it was a good idea to post the link here ?
Thanks, now we can log in to their accounts and even their email address if they use the same password.
which is very likely reused on other websites.
That's about half the people online. Fully half of the users online act like (profanity) retards when it comes to online account security.
oh nooooo
Wow, they got warned about the leak 4 days ago, but still haven't done anything!? What gross incompetence.
Looks like I don't have a Gearbest account, phew!
Maybe I did but signed in with Google - that should mean these idiots never see my password…
Their customer service reps aren't going to have a clue. I'll email one of their managers and get them to look at it.
the last time i tried contacting their cust service i received a reply back in italian
Wp gg
Mod: URL for leaked info removed
what can one do with this? order items?
Login into their account and see all there details
Use their points, changes account pw and email, etc
Also their paypal account might have the same password
Login into their account and see all there details
i see. the shipping address belonging to a buyer somewhere in russia could be of interest to someone.
Use their points, changes account pw and email, etc
most of the accounts have 0 point and $0 credit. no danger there.
changes account pw and email, etc
hijacking a bunch of worthless account to what end?
Also their paypal account might have the same password
this one is a life lesson.
this is why tech savvy people always tell the rest to don't use the same password and change it a few times a year. but do they ever listen, no.
These days a password manager is pretty much mandatory. Very hard to keep track of hundreds/thousands of unique passwords otherwise.
Also, enabling two-factor authentication whenever possible is crucial.
@Quantumcat: Check out LastPass. Works great, especially if you have a mobile with a fingerprint scanner.
t https://haveibeenpwned.com/ to
damn.
Pwned on 11 breached sites and found 3 pastes (subscribe to search sensitive breaches)
what should i do?
Despair
Kimble
Just change your passwords, you should be sweet.
Why be sweet when you can be salty!
Hmmm, interesting!
I was submitting a support ticket yesterday for an item that I purchased over a month ago and during the process I was re-directed back to the home page and noticed I was logged in as someone else.
Refreshing the page seemed to fix it, although it was a concern on the security of their website.
Hmmm, actually quite surprising all most all of the accounts have a decent password…. I was expecting half(or more) of them to just be like 12345678 or something trivial…lol
I guess maybe indicative of the GearBest customers.
I just spotted some posts in various reddit subs that some Gearbest customer username, password and order info was stored in plain text and subsequently shared on pastebin. A customer searched his email address and found it.
I use unique passwords for all accounts and have checked https://haveibeenpwned.com/ and found I am not in the paste.
Here's one of the relevant Reddit posts
Happy Xmas.
From their Facebook Page
Dear Valued Customers,
We kindly bring your attention to the fact that some unidentified hackers gained large amounts of personal data from other websites and are trying to use this data to deceptively sign into Gearbest. Immediately after identifying this irregularity, we have frozen a few hundred affected accounts and updated our IT system for suspicious IPs. The situation is completely under control.
However, for your personal account security, we kindly recommend that you change your password if you feel that it is too simple (password with a combination of letters, numbers and symbols are considered to be more complex). At the same time, we also recommend that you do not use the same email address and password on different websites.
We will always be 100% committed to maintain our website as a safe and reliable place for your guaranteed shopping experience.
If you have any queries or may need any assistance, please contact our Support Team
Yours Sincerely
Gearbest.com
Interesting. They're suggesting that the information may not have leaked from their site, but another source. A good reminder not to have the same passwords for every site.
It's a shame their stock price had to take a dive. Good time to swoop in I guess.
Has your details been leaked?