
Gearbest, one of the top e-commerce companies, suffers a major data breach

VPNMentor found that the Chinese giant’s database is completely unsecured, as are those belonging to its sister companies. Furthermore, it’s providing potentially malicious agents with a constantly-updated supply of fresh data.

Gearbest, one of the top Chinese e-commerce companies, suffers a major data breach. It was discovered by VPN Mentor’s cyber security research team, led by Noam Rotem, a well-known white hat hacker and activist. The experts found that the company’s database is completely unsecured – as are those belonging to its sister companies. VPNMentor’s hackers, in fact, could access different parts of it, including: the Orders database (products purchased, shipping address and postcode, customer name, email address, phone number); the Payments and invoices database (order number, payment type, payment information, email address, name, IP address); and the Members database (name, address, date of birth, phone number, email address, IP address, national ID and passport information, account passwords). The experts accessed these databases in March 2019 and discovered more than 1.5 million records. Moreover, Gearbest’s database isn’t just unsecured: it’s also providing potentially malicious agents with a constantly-updated supply of fresh data.

The cyber security experts accessed complete sets of personally identifiable information (PII) of millions of users

Aside from VPN Mentor’s hackers’ ability to access complete sets of personally identifiable information (PII) of millions of users, Gearbest’s data breach raises several other very serious issues, first of all concerning users’ privacy. The Chinese e-commerce company’s Privacy Policy states that while it does collect user information, it does so with the focused purpose of serving its customers. It also specifies that while users are responsible for their own passwords, the company encrypts sensitive information and employs external verification software to protect customers. But the data viewed as a result of this hack reveals this to be untrue: a great deal of sensitive information – including email addresses and passwords – was completely unencrypted. Additionally, the database contains large amounts of personally identifiable information that is not required to perform the duties of an e-commerce store.

Gearbest’s data breach raises several other very serious issues, first of all concerning users’ privacy

On user safety, VPN Mentor’s cyber security experts revealed that “the records we saw show full sets of unencrypted data, including email addresses and passwords. (It’s worth noting that some email addresses contained some hashing. We don’t know if this was intentional and should have appeared everywhere, or if some of their data was corrupted. Our hackers believe that it was a partially-implemented security measure that is simply not doing its job.) We were able to log in to these two Gearbest accounts and operate them as if we were the users. We could view current and past orders, accumulated points, change the account password and details. Malicious hackers could use this information to create ‘local’ damage: by accessing user accounts using their email and password, they can change user orders, manipulate account details, and spend money from saved payment methods”. Moreover, “by cross-referencing different databases, they could steal customers’ identities.”
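The gap the researchers describe, a policy that promises encryption while the Members database holds plaintext passwords and hashing is applied only to some fields, is exactly what a password-storage check should catch before a rollout ships. The following is an added example, not code from VPN Mentor, Gearbest or this article: it stores passwords as salted PBKDF2-HMAC-SHA256 hashes, verifies them in constant time, and audits a table of constructed sample records for password fields that are still plaintext. The record layout, field names and stored-hash format are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256 (assumption: tune to your own hardware).
PBKDF2_ITERATIONS = 600_000
SCHEME = "pbkdf2_sha256"

# Stored format chosen for this example: scheme$iterations$salt_b64$hash_b64
STORED_RE = re.compile(r"^pbkdf2_sha256\$\d+\$[A-Za-z0-9+/]+=*\$[A-Za-z0-9+/]+=*$")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted PBKDF2 hash. This string, never the plaintext password,
    is what belongs in a members table."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$".join([
        SCHEME,
        str(PBKDF2_ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then compare
    in constant time. A plaintext or malformed stored value never verifies."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return False
    _, iterations, salt_b64, dk_b64 = parts
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(dk, expected)


def audit_password_fields(records):
    """Classify each record's password field as hashed (matches the expected
    stored format) or plaintext, so a partially-applied hashing rollout is
    caught instead of silently leaving some rows in the clear."""
    report = {"hashed": 0, "plaintext": 0, "plaintext_ids": []}
    for rec in records:
        if STORED_RE.match(rec.get("password") or ""):
            report["hashed"] += 1
        else:
            report["plaintext"] += 1
            report["plaintext_ids"].append(rec["id"])
    return report


# Constructed sample rows (not real Gearbest data): one record hashed correctly,
# two still holding plaintext, mirroring the partially implemented measure the
# researchers describe.
SAMPLE_RECORDS = [
    {"id": 1, "email": "user1@example.com", "password": hash_password("correct horse battery")},
    {"id": 2, "email": "user2@example.com", "password": "hunter2"},
    {"id": 3, "email": "user3@example.com", "password": "P@ssw0rd!"},
]

if __name__ == "__main__":
    print(audit_password_fields(SAMPLE_RECORDS))
    print(verify_password("correct horse battery", SAMPLE_RECORDS[0]["password"]))
```

Running the audit over a real members table before and after a hashing migration gives a concrete count of rows still in the clear, which is the check that would have flagged the mixed state the researchers observed.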

The Payments and Invoices database

When examining the Payments and Invoices database, the ethical hackers noticed the term “Boleto” appeared multiple times, exclusively in reference to Brazilian orders (Brazil accounts for 9.2% of Gearbest’s global traffic). It refers to Boleto Bancario (literally, “Bank Ticket”), a payment method regulated by the Brazilian Federation of Banks. It’s similar to the Oxxo payment system used in Mexico. Oxxo allows users to create a voucher which functions like a debit card: users load the amount of their choosing, and can spend what’s available. Each voucher features a unique bar code; this gives users access to their money. In the database they accessed, payments made using either of these methods include a URL for “ebanx.” These links show the active vouchers used, complete with their cash amounts. The data also includes the Oxxo and Boleto vouchers’ unique barcodes; this information allows hackers to act as the users. Bad actors could also access customers’ receipts, complete with their banking information.

The Orders database is completely exposed. Malicious hackers could easily find the exact content of people’s orders, including the most private purchases

Moreover, the cyber security researchers discovered that the exact content of people’s orders is visible in the Orders database. The exact make, color, size, and cost of each item can all be viewed, along with the user name and shipping address. Compared to other information available across these unprotected databases, this doesn’t seem particularly shocking. However, the content of some people’s orders has proven very revealing – and in some instances, even life-threatening. For example, hidden in the “Sales” section of Gearbest’s “Apparel” category, users can find a vast array of sex toys. The nature of the store’s open database means the details of your private purchases could quickly become public knowledge. In some cases this is merely a privacy problem; in others it could result in legal repercussions, depending on each country’s laws.

The Gearbest galaxy

Gearbest sells a range of electronics and appliances, as well as clothing, accessories, and homeware. While it sells some internationally-known brands like OnePlus, most are smaller Chinese brands. It ships to more than 250 countries and territories across the globe, and ranks in the top 100 websites in almost 30% of these regions. The e-commerce company has subdomains in 18 languages, generating global appeal. It is owned by Chinese conglomerate, Globalegrow. The parent company operates several internationally successful sites, including Zaful, Rosegal, and DressLily. In 2015, their sales hit $550 million; 2017 saw the company celebrate a $1.48 billion turnover. The company’s runaway success is a triumph for Gearbest and its sister companies. 
