In connection with the publication on March 15, 2019 by the research team of white hat hackers vpnMentor Noama Rotem on the lack of proper protection of personal data and transaction data of our clients online store Gearbest.com, the Gearbest team publishes an official response to the current situation.
Gearbest Security Department:
“On March 15, 2019, our data protection team discovered that a hacker named Noam Rotem posted on the website www.vpnmentor.com a report that Gearbest's databases of customer personal and transaction data (“Data”) are not properly secured and may be compromised. A study was also conducted on the media's reaction to the current situation.
On the same day, our security experts launched an investigation into Mr. Noam Rotem's allegations, which resulted in it was discovered that a number of external tools for temporary storage of data could be accessible to third parties and could be compromised.
At the same time, the bulk of the data is protected by all necessary security measures, including multi-level encryption. In this regard, Gearbest customers can safely continue shopping in our online store and actively participate in
current sale.These tools are designed to increase efficiency and reduce the load on the main server part of the resource. Due to its purpose, storage data is used for no more than 3 calendar days, after which it is automatically destroyed.
The possible cause of a security breach is the removal of standard protection for temporary external storage by one of the employees security services, held on March 1, 2019, which made it possible to scan data and access it without further authentication. The reasons and facts of what happened are being established.
It has now been established that confidentiality may have been compromised as a result of a security breach. data of new accounts (registered customers) and data on orders of regular customers if period from March 1, 2019 to March 15, 2019 an account was registered or a purchase was made in the online store. In total, approximately 280,000 people.
The violation was corrected within 2 hours immediately after discovery.
Given possible data security breaches, additional work has been carried out to enhance the degree of comprehensive network protection to prevent unauthorized access, including malicious scanning attempts from outside third parties.
In connection with the incident, urgent measures will be taken to deactivate the passwords of new registered clients in order to prevent illegal access to accounts. All affected customers will be sent letters with the necessary instructions and updates on the situation.
The Gearbest team will do extra work on personal data security and do our best to create a safe and secure shopping environment for our valued customers."
More information and updates can be found on the Gearbest Facebook page.
P.S. As a compensatory measure to increase user loyalty, Gearbest is further reducing prices on ongoing sale in honor of the 5th anniversary of the online store.
