How an unsecured Elasticsearch server exposed customer order information and passwords

James Sander joins those taking GearBest out to the cyberwoodshed over a data leak:

Over 1.5 million customer records from online electronics seller GearBest, as well as Zaful, Rosegal, and DressLily, were stored in an unprotected Elasticsearch server, according to a joint report from VPNMentor (archived here) and security researcher Noam Rotem. The brands involved are owned by Shenzhen Globalegrow E-commerce Co., Ltd, a controversial seller of Chinese-made products.


A statement from GearBest claims, in part:

Immediately upon being aware of this incident, our security experts have initiated an investigation to verify the allegations made by Mr. Noem Rotem. While we found that all our own established databases or servers used for storing or processing Date are protected with all necessary encryption measures end are absolutely safe, some of the external tools we use to temporarily store Data may have been accessed by others and therefore Data security may have been compromised.

On March 1st, 2019… firewalls were mistakenly taken down by one of our security team members for reasons still being under investigation. Such unprotected status has directly exposed those tools for scanning and accessing without further authentication. Currently, we believe this may have affected our newly registered customers as well as our old customers who placed orders with Gearbest during the time from March 1st, 2019 to March 15th, 2019, in a total number of about 280,000.

In a series of tweets, Rotem claims (translated) that the explanation is “Quite delusional, but more common than you’d like to think,” adding “Do you see the date when they claim that the violation has begun? It’s… not accurate. Not even close. And number of customers exposed? Again, far from reality. At this point, it’s getting a little too much to try and fix them.”

Read more on TechRepublic.

About the author: Dissent

Comments are closed.