TechCrunch: Gearbest security lapse exposed millions of shopping orders

TechCrunch: Gearbest security lapse exposed millions of shopping orders. “Gearbest, a Chinese online shopping giant, has exposed millions of user profiles and shopping orders, security researchers have found. Security researcher Noam Rotem found an Elasticsearch server leaking millions of records each week, including customer data, orders and payment records. The server wasn’t protected with a password, allowing anyone to search the data.”

Popular Mechanics: Left to Their Own Devices, Pricing Algorithms Resort to Collusion

Popular Mechanics: Left to Their Own Devices, Pricing Algorithms Resort to Collusion. “When you’re browsing online, who sets the prices? An algorithm, most likely. A study from 2015 showed that a third of all items on Amazon had prices set by an algorithm, and chances are that percentage has only risen. A new study shows how easy it would be for price-setting algorithms to learn to collude with each other and keep prices at a disadvantage for customers.”

Nikkei Asian Review: India’s housewife-entrepreneurs turn a profit from social media

Nikkei Asian Review: India’s housewife-entrepreneurs turn a profit from social media. “Shravanti Chanda, a 31-year-old Hyderabad woman who quit her information technology job after she married, is one of many housewives across India earning money at the intersection of e-commerce and social networks. Shravanti discovered Indian social commerce site Meesho a few months ago and now makes $150 a month reselling goods for a markup that she decides.”

Bloomberg Quint: Google Foes Get Chance to Pick Holes in $2.7 Billion EU Appeal

Bloomberg Quint: Google Foes Get Chance to Pick Holes in $2.7 Billion EU Appeal. “Some of Google’s oldest foes have been given the chance to take a swipe at the U.S. giant’s appeal of a $2.7 billion European Union antitrust fine for choking competition for shopping-search services. The EU’s General Court said European consumer group BEUC, German magazine publishers and Foundem — the first company to complain to the EU about how Google treats shopping rivals — can all intervene in the case because they have a direct interest in the result. The decisions dated Dec. 17 were published online.”

CBR: New Formjacking Technique Used to Skim Payment Details Off Websites

CBR: New Formjacking Technique Used to Skim Payment Details Off Websites. “Researchers at cybersecurity company Symantec have identified a new formjacking campaign targeting a French ecommerce site that is prominently featured in global shopping aggregator listings. Over 30 online retail websites from all over the world were redirecting traffic to the compromised site. Formjacking is a term used to describe the injection of JavaScript code into the payment section of a website. This code then skims the payment details of unaware customers sending it onto to threat actors to abuse.”