A Reddit user recently discovered that sensitive customer information from hundreds of GearBest users was hacked and uploaded into a Pastebin file.
The 3D printing community has developed mixed feelings towards GearBest, some speak positively about the affordable pricing, while others are skeptical about the product quality and customer service. One Reddit user named “jamesdownwell” recently discovered that the Chinese retailer may have been subject to a hack.
After performing a “random security check” on his personal email account, the Redditor discovered that the email addresses, password, and purchase information of around 150 supposed GearBest users was posted online in a Pastebin file.
Redditor Discovers GearBest User Information Hacked and Shared Online
The Reddit user “jamesdownwell” alleges that his post on the matter was deleted from r/GearBest for no reason, but his claims eventually ended up being crossposted in r/3DPrinting. He also stated that although he immediately emailed GearBest, the initial response to this urgent matter seemed a bit lackluster.
“I immediately contacted them through Customer Support and Facebook. Their Customer Support didn’t answer until the next day, clearly not understanding the request, despite me including a screenshot of the online leak. I replied with a link and they didn’t respond until a day later saying that they “take matters of security very seriously” they “will investigate” and ever so generously donated $10 credit to my account.”
Here’s the email exchange between the Reddit user and GearBest, which was shared via this Reddit thread:
However, the Italian Android fan-site Tutto Android claims that it had gotten in touch with GearBest. According to their article (translated from Italian using Google Translate), the online retailer said that they are aware of the situation and have already warned users involved in the hack to change their passwords.
Shortly after the news surfaced on Reddit, GearBest released a full statement of their own:
Our IT department have investigated this issue and we have identified a few hundred accounts that may have been exposed. Immediately after this knowledge came to our attention we have frozen these accounts and contacted the affected users.
Our investigation concludes that it is unlikely that our users information can be leaked from our system. What has likely happened is that ill-intentioned people bought and/or hacked user login information from other websites and were trying to see if those data could access GearBest. As far as we know, those hackers used some special software to facilitate uploading large volumes of leaked data from other sites to try to deceptively login with Gearbest from a group of high risk IPs.
Apart from the steps we have taken above to alert our customers to update their passwords, we are also urgently working on risky IP identification and a more complicated verification code to prevent systematic password testing.
We would like to take this opportunity to thank you for raising this issue. Please rest assured that Gearbest remains a safe website and will strive to keep protecting the interest of our users to the best of our abilities.
GearBest claims that the leaked information was unlikely to have come from their system, but rather through other websites and “ill-intentioned people”. The company also alleges that number of hacked accounts is only in the hundreds, and that all affected users have been notified have had their accounts frozen.
Either way–just to be on the safe side–it would probably be wise for any GearBest users out there to change their password and check to see if their information was hacked.