Gearbest, a Chinese online shopping giant, has exposed millions of user profiles and shopping orders, security researchers have found.
Security researcher Noam Rotem found an Elasticsearch server leaking millions of records each week, including customer data, orders, and payment records. The server wasn’t protected with a password, allowing anyone to search the data.
Gearbest ranks as one of the top 250 global websites, and serves top brands, including Asus, Huawei, Intel, and Lenovo.
TechCrunch contacted GearBest — and through its dedicated security page — to secure the database. The company neither secured the data nor responded to our request for comment.
Rotem, who shared his findings with TechCrunch and published his report at VPNMentor, said names, addresses, phone numbers, email addresses and customer orders and