Furthering the mystery of how security could be so lax, the info found on the unsecured server goes beyond the “usual” info. Researchers were able to access three databases: an “orders” database containing all order info including customer address, phone number, and email; a “payments and invoices” database containing all payment info as well as the customer’s IP address; and a “members” database containing personal info like birthdates, national ID numbers, account passwords, passport info, and, again, IP addresses. Only a portion of all that info is needed for an e-commerce transaction. Researchers question the reasoning for storing unrelated personal info like IP addresses and national IDs.
All customers of Gearbest are advised to monitor all credit card and bank accounts. The personal information leaked online provides everything a bad actor would need to access a customer’s money and then some. With the national ID numbers and passport info, a bad actor could perpetrate identity theft. “The amount of different personal information exposed is really worrisome,” comments Avast Security Expert Luis Corrons. “Apart from identity theft, it could be used to launch targeted attacks against potential victims, from sextortion to spear phishing.”
All potential victims should change their passwords immediately. Regularly changing and storing complex passwords is easy with a password manager like Avast Passwords.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/gearbest-data-breach-puts-millions-at-risk