Gearbest is a massive online store, primarily specializing in Chinese products. In the Android community, Gearbest is known as one of the easiest ways to purchase devices from Xiaomi and other Chinese brands in the United States. If you've purchased something from Gearbest in the past, you might want to start changing your credit cards — the company's main database was found to be completely unsecured.

VPNMentor's white hat security team, led by Noam Rotem, published a report about Gearbest's security. The group found that the site's main database, as well as the databases of its sister sites (including Zaful, Rosegal, and DressLily), are easily accessible and contain more than 1.5 million records.

Some of the accessible information includes emails, account passwords, IP addresses, birthdays, street addresses, payment information, and full names. The team was able to log into two accounts without effort. The exact content of each customer's orders are also visible. Gearbest's data management console was also accessible, meaning hackers could easily manipulate information on the site, disable sections of the company's servers, and even disrupt operations at Gearbest's warehouses.

It's safe to say that data breaches don't get much worse than this — it might be a good idea to stay away from Gearbest.