Activists from the vpnMentor group, led by ethical hacker Noam Rotem, found a vulnerability in the database of GearBest, one of the largest online stores in China. They described their study in detail and published it on the website.
In total, the hackers obtained more than 1.5 million records, including the databases of orders, users, payments and accounts. One of them includes the following data:
- Name and date of birth.
- E-mail address and account password.
- Passport series and number.
- Mailing address and IP address.
- Payment data.
To demonstrate what was possible, the hackers logged into one of the accounts, gained access to its payment history and changed the password.
The problem was the Elasticsearch database server used by the Globalegrow corporation. It was not password-protected, which made it possible not only to view all the information but also to access the internal data management system.
GearBest representatives did not acknowledge the problem and claim that all confidential data is stored encrypted. Under the European Union's law on the protection of personal data and privacy (GDPR), the company can be fined up to 4 percent of its global income.
GearBest is among the 250 largest global online platforms. In 2015, sales amounted to $550 million; in 2017, the holding's turnover reached 1.48 billion dollars.