Security researcher Noam Rotem discovered an Elasticsearch server leaking millions of records per week at Chinese online shopping retailer Gearbest, TechCrunch reports. The server, which was not password-protected, allowed anyone to search through customer information, orders, payment records and customers' specific purchase histories. He explained how the incident not only breached privacy, but could endanger customers in areas where freedom of speech and expression is limited. Rotem also found a separate web-based database management system exposed on the same IP address. The online shopping site ranks among the top 250 global websites.
If you want to comment on this post, you need to login.