From TechCrunch
Gearbest, a Chinese online shopping giant, has exposed millions of user profiles and shopping orders, security researchers have found.
Security researcher Noam Rotem found an Elasticsearch server leaking millions of records each week, including customer data, orders, and payment records. The server wasn’t protected with a password, allowing anyone to search the data.
Best to keep an eye out for suspicious emails now (always).
it's the second:
This is the second security issue at Gearbest in as many years. In December 2017, the company confirmed accounts had been breached after what was described as a credential stuffing attack.
The actual report by the researchers is alarming that they gained access to Globalegrow's system. GG's parent company are a massive clothing/cross border commerce company with interests in at least a hundred online stores/brands, importing luxury goods into China and even supplying goods to Kmart and Target.
That could be the jackpot of data if it leads back into the system!
Definitely not a good timing when they are celebrating their 5th birthday next week. It's probably going to haunt the deals posted here in the next couple of years.
I've had a lot of trouble trying to shop with GearBest in the past and had to give up!
Basically they would only accept Western Union for payment which is very worrying and not worth the risk so I gave up on ever trying to shop with them.
Their customer service is also none existent, It's like trying to communicate with a retarded robot!
Are you sure you were on the right site? They literally have Buy with PayPal button on every product.
Yes, every time I pay with PayPal they claim to process the order and then 24hrs later the order is cancelled for an unknown reason?
This has happened more than 20 times and the same with 3 other credit cards, after many, many (too many) emails they say to just pay using Western Union Money Transfer.
There is no way I'm using Western Union as that is just quick a way to lose my money. I do not trust GearBest and I thought contacting their customer service would surely solve the problem but no way!
you honestly cannot be on the right site.
Have had zero issues paying with paypal ever with them.
@JTTheMan: Here’s the proof
“Your refund order xxxxxxxxxzx had been processed and completed. This is the reference number for the refund: xxxxxxxxxxxx
The refunded amount is $7.59. Please kindly check your account balance to confirm.
Please note:
For orders paid with PayPal, payment will be refunded to your PayPal account within 48 hours.
For orders paid with credit card, payment will be refunded to your credit card within 7-14 business days. The exact time will depend on your card issuing bank.
For GB Wallet refund, it may take up to 1 business day.
Customer satisfaction is always our top priority. For extra support, pleasecontact our Support Center.
We are extremely sorry for any inconvenience caused to you, and look forward to your continued business.
Kind Regards,
Gearbest Team’
This is with zero explanation after more than 20 times!
@JTTheMan: Issue with your account then. As they are a viable company about to turn 5 years old
My latest purchase turned up this am
Approximately 10 days delivery from China for like a dollar
@fefris: I thought so too, so I set up a few other accounts but the same thing happens. I emailed customer support but they had no idea.
@JTTheMan: "GearBest has refunded $7.59 USD from your purchase on 17 March 2019."
Such a bizarre process!
Attempt to purchase a product from an online seller, they accept payment and confirm your order, then 24hrs later they cancel your order and refund your money.
There's absolutely no explanation for the above and it's clear that it only happens to me because everyone on OzBargain has confirmed zero problems with Gearbest.
Very strange!!
@JTTheMan: blacklisted ip? something like that, there system looks at the ip/range the order comes from, blacklists the order as fake and reverses the transaction.
black listed postal address might be possible also, if they have had fraud previously
If its not account specific it must be location specific.
@fefris: Hmm, interesting.
That would be the only explanation for what's going on but I would think they know if they blacklisted me and would also let me know after I've emailed so many times??
Also I have no idea why they would blacklist me but none of it makes sense?
Oh well, it's their loss not mine as they are simply losing business!
If you're the JT (actually JB) I knew from Sydney, looks like your past caught up with you, Turbo!
Hi all,
I was checking some news and stumbled upon an article that a hacking team breached GearBest's database.
I haven't seen any news or forum post here about it, but since GearBest has a few deals here and there, I thought I might share.
https://www.vpnmentor.com/blog/gearbest-hack/
https://techcrunch.com/2019/03/14/gearbest-orders-exposed/
If it's a duplicate, happy to be deleted.
again ?
or they never bothered to patch up since last expose`