Lazada suffers a data breach; personal information from 1.1 million RedMart accounts for sale online



[ad_1]

SINGAPORE: Personal information from 1.1 million RedMart accounts was stolen from e-commerce platform Lazada and sold online in a data breach.

A spokesperson for Lazada confirmed this to CNA on Friday (October 30).

CNA had previously come across an online forum that allegedly sold personal data from various e-commerce sites around the world, including Lazada.

The site claimed to have information such as names, phone numbers, and partial credit card numbers of approximately 1.1 million users.

READ: Lazada will incorporate RedMart to its platform, indicates the entry into the online supermarket business

Online forum 1.1 million accounts

Screenshot of the online forum allegedly selling personal data from various e-commerce sites around the world, including Lazada.

“Our cybersecurity team discovered a person claiming to be in possession of a RedMart customer database taken from a legacy RedMart system that the company no longer uses,” a Lazada spokesperson said in a statement referring to the platform. of online supermarkets it acquired in 2016.

Lazada added that the stolen information was last updated in March 2019, and the affected RedMart database is not linked to any Lazada database.

“This exclusive RedMart information is more than 18 months out of date and is not linked to any Lazada database. The illegally accessed user information includes names, phone numbers, email and mail addresses, encrypted passwords and partial credit card numbers. We have taken immediate steps to block unauthorized access to the database. “

Lazada is currently investigating the data breach and has informed the Personal Data Protection Commission of the breach.

“We have taken immediate steps to block unauthorized access to the database,” Lazada’s spokesperson said.

A spokesperson for the Personal Data Protection Commission said it was aware of the incident and was investigating the matter.

Lazada said it was in the process of reaching out to all affected customers and reminding them to change their login credentials as a security measure.

He added: “Protecting our customers’ data and privacy is a top priority, and we are working quickly to resolve this.”

[ad_2]