GearBest Password Leaked Online?

Just saw it over reddit , and I'm bit concerned about this ..

https://www.reddit.com/r/technology/comments/7kops5/gearbest…

Mod: Pastebin link removed. Users can check their email address at https://haveibeenpwned.com/ to see if their details have been leaked.

Paste title Date Emails
x70 gearbest 19 Jun 2017, 23:24 115

Related Stores

GearBest
GearBest
Marketplace

Comments

  • Has your details been leaked?

  • So you thought it was a good idea to post the link here ?

  • +2

    Thanks, now we can log in to their accounts and even their email address if they use the same password.

  • which is very likely reused on other websites.

    That's about half the people online. Fully half of the users online act like (profanity) retards when it comes to online account security.

  • oh nooooo

  • Wow, they got warned about the leak 4 days ago, but still haven't done anything!? What gross incompetence.

    Looks like I don't have a Gearbest account, phew!

    Maybe I did but signed in with Google - that should mean these idiots never see my password…

  • Their customer service reps aren't going to have a clue. I'll email one of their managers and get them to look at it.

    • +5

      the last time i tried contacting their cust service i received a reply back in italian

      • Wp gg

  • Mod: URL for leaked info removed

    what can one do with this? order items?

    • Login into their account and see all there details

      Use their points, changes account pw and email, etc

      Also their paypal account might have the same password

      • Login into their account and see all there details

        i see. the shipping address belonging to a buyer somewhere in russia could be of interest to someone.

      • Use their points, changes account pw and email, etc

        most of the accounts have 0 point and $0 credit. no danger there.

        changes account pw and email, etc

        hijacking a bunch of worthless account to what end?

      • +3

        Also their paypal account might have the same password

        this one is a life lesson.

        this is why tech savvy people always tell the rest to don't use the same password and change it a few times a year. but do they ever listen, no.

        • +3

          These days a password manager is pretty much mandatory. Very hard to keep track of hundreds/thousands of unique passwords otherwise.

          Also, enabling two-factor authentication whenever possible is crucial.

        • @44sunsets: do you recommend anything in particular?

        • +5

          @Quantumcat: Check out LastPass. Works great, especially if you have a mobile with a fingerprint scanner.

        • @Quantumcat: Second LastPass, so worth it (I even have Premium although not necessary)

  • t https://haveibeenpwned.com/ to

    damn.
    Pwned on 11 breached sites and found 3 pastes (subscribe to search sensitive breaches)

    what should i do?

    • +3

      Despair

    • +4

      Just change your passwords, you should be sweet.

      • +2

        Why be sweet when you can be salty!

  • Hmmm, interesting!

    I was submitting a support ticket yesterday for an item that I purchased over a month ago and during the process I was re-directed back to the home page and noticed I was logged in as someone else.

    Refreshing the page seemed to fix it, although it was a concern on the security of their website.

  • Hmmm, actually quite surprising all most all of the accounts have a decent password…. I was expecting half(or more) of them to just be like 12345678 or something trivial…lol

    • +1

      I guess maybe indicative of the GearBest customers.

  • Merged from GearBest User Credential Leak

    I just spotted some posts in various reddit subs that some Gearbest customer username, password and order info was stored in plain text and subsequently shared on pastebin. A customer searched his email address and found it.

    I use unique passwords for all accounts and have checked https://haveibeenpwned.com/ and found I am not in the paste.

    Here's one of the relevant Reddit posts

    Happy Xmas.

  • Merged from GearBest Data Leak

    From their Facebook Page

    Dear Valued Customers,

    We kindly bring your attention to the fact that some unidentified hackers gained large amounts of personal data from other websites and are trying to use this data to deceptively sign into Gearbest. Immediately after identifying this irregularity, we have frozen a few hundred affected accounts and updated our IT system for suspicious IPs. The situation is completely under control.

    However, for your personal account security, we kindly recommend that you change your password if you feel that it is too simple (password with a combination of letters, numbers and symbols are considered to be more complex). At the same time, we also recommend that you do not use the same email address and password on different websites.

    We will always be 100% committed to maintain our website as a safe and reliable place for your guaranteed shopping experience.

    If you have any queries or may need any assistance, please contact our Support Team

    Yours Sincerely
    Gearbest.com

  • Interesting. They're suggesting that the information may not have leaked from their site, but another source. A good reminder not to have the same passwords for every site.

    It's a shame their stock price had to take a dive. Good time to swoop in I guess.

Login or Join to leave a comment