Chinese online retailer Gearbest has made public a database of millions of customers' personal data.

A team of hackers from VPNMentor has discovered that the Chinese online commerce giant Gearbest stores customer data in easily accessible databases.



The guys from VPNMentor discovered several unprotected Elasticsearch databases (Indices) with millions of records containing customer personal data, order information and payment data.
')
All this stuff is maintained and used by the Gearbest store, whose website is in the Top 250 of the largest websites on the Internet. Gerbest sells such major brands as Asus, Huawei, Intel and Lenovo, delivers to more than 250 countries of the world and supports local versions of the store in 18 languages.

A total of three freely available databases were found, totaling more than 1.5 million records:

1. Database of orders - contains products and their delivery address, e-mail buyers, their names, and IP-addresses.
2. Payment base - consists of order numbers, payment types, payment information, customer names and their IP addresses.
3. Buyer database - contains the names of customers, their birth dates, addresses, phone numbers, emails, IP addresses, passports, and even order access passwords.

Most importantly, this database is updated, i.e. new lines with new order data are written to it.