GearBest

Chinese e-commerce giant Gearbest has exposed information and orders of millions of its customers through an unsecured Elasticsearch server.

It was found the server was not protected with a password and anyone could access it and search the data.

The data exposed includes Customers’ name, address, date of birth, phone number, email address, IP address, national ID and passport information, account passwords and also payment and order related data.

This data could allow hackers to easily steal Gearbest’s customers’ identities by cross-referencing with other databases.

Source: https://www.helpnetsecurity.com/2019/03/15/gearbest-data-exposure/

"id": "GEA55412323",
"linkid": "gearbest",
"type": "Data Leak",
"date": "03/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"