Millions of Customer Records of e-Commerce giant Gearbest Exposed
Who: Gearbest
When: 15 Mar 2019
# of records involved: 1.5 Million Customer Records
What happened: An unsecured Elasticsearch server exposed information and orders of millions of its customers.
How did it happen: The server was not protected with a password, so anyone could access it and search the data. Despite assurances from the company that sensitive data is encrypted, most of the contents of the database were decidedly not. The information included customer data, payment data, and order data.
Outcome: Although other organizations have suffered security lapses due to misconfigured Elasticsearch servers, Gearbest’s incident stands out. That is because their unencrypted database included passport numbers and national ID numbers in full sets of unencrypted data that would allow hackers to easily steal Gearbest’s customers’ identities by simply cross-referencing the information with other databases, allowing malicious actors access to online government portals, banking apps, and health insurance records.