Report – Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach
I decided to post it in this sub as many users here use Gearbest to import Xiaomi products.
Oh shieeet
Oof?
WTF?? They store passwords in cleartext? What is this, amateur hour??
Change your password NOW and change it everywhere else you used the same password. And use a password manager instead of using the same password everywhere.
Would also like to know the answer to this.
They wanted a picture of my credit card and driver’s license to buy a phone…and I sent it to them LoL FML
They do not have your password but could have any other information that is stored on their page if your account is breached.
Tried it too some time ago, opened a ticket, they said it would have been deleted in days, and then after some time I found they didn’t delete shit.
da hecK!!!!!!!!!!!!!!!!!
Jesus fuck. Looks like I can’t use gearbest anymore.
I don’t have any words for this… looking forward to an official statement by them.
I just tried to change my password, but it says my old password can’t be more than 32 characters – which it is… Amateur hour.
well
fuck
me
Friendly reminder to use a password manager
And what if I logged in with my Google Account? Do I still have to change the password or is it safe?
I mean, sure this is awful and I recently decided not to buy anything else from them for other reasons (customs charging me a ton) but as their user for a long time, I’m here considering what they have on me and how that could affect me.
They have:
– part of my name.
– my less important email address that was specifically created to handle less important shit I don’t want my personal and more important email address involved with.
– my address (which isn’t even mine) and country.
– whatever may be relevant from my transactions through PayPal, I’m assuming they actually need PayPal access which has not been breached to get anything important.
– even if they did all they would get would be virtual credit card numbers with the exact amount of money I needed for the transaction I used them on that were good for that transaction only and died right after use (my country has this and it’s awesome, I’m assuming others have it too).
– list of items I bought over the years.
– list of any messages I exchanged with them.
– whatever meager points I may have with them, which is really minor considering how little their points are worth.
I can’t think of anything else. While not exactly public, I can’t think how any of that info would do them any good if stolen. It’s not even exactly secret. What am I missing?
I think if you check your Google account authorisations you should be able to revoke it
Man gearbest you really banggood your customers
Gonna guess it was run by shitty Chinese. If so China already had your shit anyways
Revoke access for now, may not even be needed. No idea how the Google auth works behind the scenes but easy enough to re-enable.
Only issue is for people in places who are ordering items that are forbidden. The article references dildos in Pakistan for instance.
I just bought a mi mix 3 last week from gearbest fuck me……………………………………………………
Press F to pay Respects…
I’m glad I used a unique password on all these sites now. I wouldn’t trust gearbest, banggood and the rest for having good security
What exactly can account holders do? I’ve got £14 credit to use, if I terminate my account will data still be present? Even if changing the password it will still be visible here.
However they’ve now alerted black hat hackers the site is flawed making them an immediate target instead of waiting for gearbest to step up then inform the public.
Damn, it’s about to be all over the dark web lulz
That’s half of the people hacked LoL
Sorry my Mix 3 brother
I seen’t it. I seen’t what you did.
They tried to fuck me pretty good once. Had a high dollar order and it took them forever to send me a tracking number. I ended up emailing them like 2 1/2 weeks after my order. And 4 days later they sent one to me. I checked that same day and got an error on the shipper’s website. Didn’t think much of it. About a week later, Gearbest still had it as “waiting for pickup”. I emailed the shippers and they said that I had a false tracking number. So I emailed Gearbest and notified them and 2 days later they emailed me and asked me to verify all my info again. I was a little frustrated at this point and gave them my info. My mistake was when I resent my info, I gave them my personal number and didn’t write “North” on my street name. She quickly emailed me back this time and said my phone number was bad and I gave them the wrong address. (This info was already on file and I have received numerous orders using the same address on file.) She informed me that in their terms and conditions it says they are not at fault for lost packages due to customer supplying the wrong address and I would not be compensated for my order. Even though it says it hasn’t even left their warehouse and I have received many packages using that same info. I was pissed. It was about $5600. I tried to stay calm because honestly, what the fuck was I going to be able to do. I did 2 days of trying to get this resolved and they wouldn’t do shit. I lost hope. That very next day after giving up, I got an email from their warehouse saying my items just got back into stock and they would ship them right away. I said thank you and was relieved to say the least. That night got another email saying the price went up on 2 items and made me pay the difference. At this point I didn’t even care and paid. Sent an email saying please send asap. And the next night…. They were out of stock again. It was another 9 days of this bullshit. They even got me to pay more shipping by the end of it.
I think it was roughly 6 weeks before they shipped but I eventually got the package. Needless to say I haven’t ordered from them since. But it would only make sense if someone ended up stealing my identity from this incident. That’s my luck with these guys.
Gearbest is a platform where most of their prices are higher since they reward influencers more. Would suggest buyers to head to Aliexpress instead. More secure, less worry, with competitive prices.
Thanks OP, did not know about this! Luckily was using unique password but had to remove my address. What a joke.
Except now there’s 2 addresses because they can see all the ones orders were sent to
Why? If the hole isn’t patched changing your password on gearbest atm will not give you any security
Bought one item from AE then they asked for a copy of my passport. Yeah right.
Update: response from Gearbest
[https://twitter.com/noamr/status/1106537240958775298](https://twitter.com/noamr/status/1106537240958775298)
(@noamr / Noam Rotem is the white hat hacker who exposed them)
Why do I not believe them?
While I agree completely, the thing to note is that AliExpress is not a shop, it’s a platform – basically it’s a Chinese eBay with all items as ‘buy it now’ instead of an auction (or Amazon without their own warehouse).
The big difference is that each seller is an individual or a different Chinese company, so you can and will get wildly different levels of customer care and support from them.
AE support will step in if needed, like with ebay or Amazon, but you have to remember that it’s a Chinese company with Chinese sellers, so they are less likely to side with you if things are ambiguous.
Fuck Gearpest. My order got lost and they bullshitted around, making me shit offers like resending my order for half the price, taking half of the original price in form of a gift card/gearpest points and another dumb third option. My dumb ass didn’t buy a shipping insurance because I am used to orders being insured in general. My country’s PayPal ToS don’t cover shipments lost in transit, so I was ass out. For some reason PayPal ruled in my favor anyway. Fuck Gearpest.
Oh right. Well the second address is made up so it doesn’t matter. Not much we can do then.
Passport? Oh my, why would they ask for a buyer to submit passport details. Which country are you from?
How do you terminate your account?
I won’t be doing that myself but I suppose you could always just change the details on the account yourself to something fake but system acceptable. As for the email address, well it’s stuck as it is.