Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Gearbest security lapse exposed millions of shopping orders
#1
Gearbest, a Chinese online shopping giant, has exposed millions of user profiles and shopping orders, security researchers have found.

Security researcher Noam Rotem found an Elasticsearch server leaking millions of records each week, including customer data, orders and payment records. The server wasn’t protected with a password, allowing anyone to search the data.

Gearbest ranks as one of the top 250 global websites, and serves top brands, including Asus, Huawei, Intel and Lenovo.

TechCrunch contacted Gearbest — through its dedicated security page — to secure the database. The company neither secured the data nor responded to our request for comment.


https://techcrunch.com/2019/03/14/gearbe...s-exposed/


Anyone got this one?
Reply
#2
(03-15-2019, 06:14 AM)BoringApe Wrote:  Anyone got this one?

Sounds like all you need is one of the hostnames and you could just dump the entire DB yourself still since it said they didn't secure the data.
Reply
#3
i wish i knew the hostname(s)
Reply
 


Possibly Related Threads...
Thread Author Replies Views Last Post
  Quora Hacked - 100 million users data exposed geshem 22 1,902 03-10-2019, 05:30 PM
Last Post: Kschulz
  Oklahoma Gov Files Exposed by Wide-Open Server b0lk 0 89 01-17-2019, 04:03 PM
Last Post: b0lk
  Security Fails: US Politician Edition rf6686rf 4 261 12-20-2018, 11:43 PM
Last Post: rf6686rf
  Good list of offensive and defensive AWS security tools geshem 0 228 10-28-2018, 12:29 PM
Last Post: geshem
  SheIn Fashion Shopping Site Breached Zeroxx 4 541 10-24-2018, 02:37 PM
Last Post: geshem



Users browsing this thread: 1 Guest(s)