Here's what the Redditor said:
Every now and then I like to Google my email address as some sort of random security check. I got an unusual hit on Friday, a Pastebin paste with my email address, password and order information for an order I placed with Gearbest amongst hundreds of other customers.
I immediately contacted them through Customer Support and Facebook. Their Customer Support didn't answer until the next day, clearly not understanding the request, despite me including a screenshot of the online leak. I replied with a link and they didn't respond until a day later saying that they "take matters of security very seriously" they "will investigate" and ever so generously donated $10 credit to my account.
So obviously, I think that they're going to send out an email to all of their customers, letting them know their information has been compromised ASAP. Well, no. They've done nothing. The information is still online and if you log in using this information you will find the home address of the user as well as a password which is very likely reused on other websites.
This is perhaps the most careless approach to online security I have ever experienced and as Gearbest is popular worldwide, it's important that all customers know ASAP.
Here is my exchange with their representative.