
Gearbest misconfiguration exposes 1.5 million records

By Tim Sandle     Mar 17, 2019 in Technology
Gearbest, a Chinese online shopping giant, has exposed 1.5 million records on an Elasticsearch server that was not protected with a password, allowing anyone to search the database. Leading security experts weigh in on the implications.
The exposed Gearbest information includes people's names, addresses, telephone numbers, email addresses and the products bought by customers. In some cases passport numbers together with other national identity data were exposed. The database also held payment and invoice information, including the amount spent. In terms of scale, Gearbest is one of the leading 250 global websites and supports major brands such as Asus, Huawei, Intel and Lenovo.
The researcher who discovered the exposed Elasticsearch server also found a separate exposed web-based database management system on the same Internet Protocol address, allowing any person so inclined to manipulate or disrupt the databases run by Gearbest’s parent company, Shenzhen-based Globalegrow.
Gearbest has a large presence in Europe, with warehouses in Spain, Poland, the Czech Republic and the U.K. This cyber-incident is the second security issue at Gearbest in as many years. Back in December 2017, the company reported that its accounts had been breached after what was described as a credential stuffing attack. In such an attack, stolen account credentials, typically lists of usernames and email addresses plus corresponding passwords, are used to gain unauthorized access to user accounts via large-scale automated login requests directed against a particular web application.
To understand the implications, Digital Journal spoke with executives at DivvyCloud and Balbix.
Assessing the leak, Brian Johnson, who is the CEO and co-founder of DivvyCloud, states: “Gearbest’s data leak of over 1.5 million customer records adds to a growing list of organizations that have suffered security lapses in 2019 due to mis-configured Elasticsearch servers.”
He proceeds to pinpoint what is significant about this latest incident: “Gearbest’s incident stands out since passport numbers, national ID numbers and full sets of unencrypted data, including email addresses and passwords were among the exposed information. This data could allow hackers to easily steal Gearbest’s customers’ identities by cross-referencing with other databases, and allow malicious actors access to online government portals, banking apps, health insurance records, and more.”
Looking ahead to a preventive strategy, Johnson recommends: “Organizations like Gearbest must learn to be diligent in ensuring data is protected with proper security controls. Automated cloud security solutions would have been able to detect the misconfiguration in the Elasticsearch database and could either alert the appropriate personnel to correct the issue, or trigger an automated remediation in real-time.”
He adds: “These solutions are essential to enforcing security policies and maintaining compliance across large-scale hybrid cloud infrastructure.”
Jonathan Bensen, who is the chief information security officer at Balbix, contextualizes the data breach: “Mis-configurations like this are, unfortunately, a dime a dozen. Organizations are tasked with the hefty burden of continuously monitoring all IT assets and 100+ potential attack vectors. Through this process, companies are likely to detect thousands of vulnerabilities—far too many to tackle all at once.”
In terms of general protective measures, he recommends: “The key to preventing breaches is to leverage security tools that employ artificial intelligence and machine learning that analyze the tens of thousands of data signals to prioritize which vulnerabilities to fix first, based on risk and business criticality.”
As to what Gearbest should have done specifically, Bensen adds: “In Gearbest’s case, a database containing huge swaths of sensitive customer information is critical to the business, and addressing any vulnerabilities in its security should have been highly prioritized. Organizations must adopt advanced security platforms to proactively manage risk and avoid breaches instead of reacting to a security incident after it occurs.”