[ad_1]
SINGAPORE – Authorities are investigating a data breach at local furniture retailer Vhive, which caused customers’ personal information, such as phone numbers and physical addresses, to be leaked online.
In response to inquiries from The Straits Times on Saturday (April 3), police confirmed that a report had been filed on the matter.
In a Facebook post on March 29, Vhive said that its server was hacked on March 23 and that it was working with the police and other relevant authorities, as well as a forensic investigator from TI to investigate the breach.
Information compromised in the attack includes customer names, physical and email addresses and mobile phone numbers, but did not include identification numbers or financial information, the company said.
“All financial records regarding purchases made with Vhive are kept in a separate system that was not hacked,” he added.
“We are very sorry for the incident and are ready to assist you if you need immediate assistance,” Vhive told clients.
Checks by ST on Saturday afternoon found that Vhive’s email servers were still compromised. The website showed only a warning of the cyber attack, while its stores on the online shopping platforms Lazada and Shopee were active.
The Altdos hacker group, which operates primarily in Southeast Asia, has claimed responsibility for the breach.
In an email sent to affected customers on Saturday, Altdos said it managed to hack Vhive three times in nine days and claimed to have stolen information related to more than 300,000 customers, as well as nearly 600,000 transaction records.
The group said it would filter 20,000 customer records a day, until its demands on Vhive management are met.
In his Facebook statement, Vhive said that the forensic investigator and authorities would guide him closely on the steps to take to safeguard their systems and ensure that customers can safely transact.
In previous hacking incidents, Altdos stole company customer data, blackmailed the compromised company, leaked data online when their demands were not met, and publicized breaches. Its cyberattacks have largely targeted stock exchanges and financial institutions.
In January, it claimed to have broken into the IT infrastructure of Bengali conglomerate Beximco Group, stealing data from 34 of its databases.
Last December, he hacked into a Thai securities trading company and dumped stolen data online when the company allegedly failed to recognize his email and demands.
[ad_2]