Gearbest security flaw leaks millions of order and user details

A badly configured server at Gearbest, the Chinese purveyor of technology and other stuff online, has leaked millions of user profiles and order details. White hat hacker Noam Rotem discovered an Elasticsearch server that was -- indeed still is at the time of writing -- leaking millions of records each week. These include customer data, orders, and payment records. The server wasn't protected with a password, potentially allowing anyone to search its data. Rotem published details of the leak at VPNmentor. Data exposed includes details of products bought and shipping information, plus payment details, email addresses, and other customer data… [Continue Reading]