Popular online retailer GearBest may have been the subject of a recent hack, judging by the comments currently seen on Reddit. Apparently, the email, password and purchase information of around 150 supposed GearBest users has turned up online in a Pastebin file.
This was discovered by Redditor jamesdownwell after he Googled his personal email address (something he said he sometimes does as a “random security check”) last week.
jamesdownwell says he wrote about this in an r/GearBest Reddit thread — which he says was removed without explanation — and has since commented elsewhere, such as r/Android, where we discovered it. He also published an email conversation he is alleged to have had with a support representative regarding the matter which started on December 15. Though the representative appears to acknowledge the seriousness of the matter, GearBest hasn’t made a public announcement regarding this, and the details are still available online via a cached page.
It’s currently being speculated that a vulnerability in the GearBest app has been exploited to retrieve the user information.
We aren’t going to republish that information here, for obvious reasons, but several people have commented testifying to the list’s authenticity. One person says they’ve been able to log into more than 20 accounts with some of the details found there, while another says an item was bought through their account without their knowledge.
What’s more, Android fansite Tutto Android claims to have already been in communication with GearBest, which has apparently acknowledged the situation and is now said to be investigating it.
We’ve contacted GearBest regarding the matter through several channels but have yet to receive a response; we’ll update this page as soon as we do. In the meantime, it might be worth changing your own GearBest password just to be on the safe side.