Alibaba-owned Lazada suffers data breach on RedMart

The Lazada application seen displayed on a iPhone.

Guillaume Payen | LightRocket | Getty Images

SINGAPORE — Southeast Asian e-commerce firm Lazada said it detected a data breach that exposed personal details of many users in Singapore.

Lazada’s cybersecurity team discovered on Thursday last week that there was illegal access to a customer database for RedMart, the online grocery delivery service in the city-state. The Alibaba-owned company said the information contained in the database was “more than 18 months out of date.”

The database was used by the now decommissioned RedMart app and website and was hosted on a third-party service provider, according to Lazada.

Lazada bought RedMart in late-2016 and last March, it integrated the grocery delivery service with its own app and website — about the same time that the affected database was last updated.

Singapore’s Channel News Asia first reported the incident. The news network said it accessed an online forum which “was purportedly selling personal data” — such as names, telephone numbers, email and passwords — from various e-commerce sites around the world, including the stolen information from Lazada.

CNBC could not independently confirm the contents of the online forum. However, Lazada confirmed to CNBC that personal information from 1.1 million RedMart accounts were compromised.

Information that was illegally accessed included names, phone numbers, addresses, encrypted passwords and partial credit card numbers of RedMart customers. Affected users were logged out of their existing accounts and were prompted to reset their password before logging in. Lazada also said it blocked access to the database immediately.

“Protecting the data and privacy of our users is of utmost importance to us,” Lazada said in a statement on Friday. “Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.”

The company said it reported the incident to Singapore’s Personal Data Protection Commission, which enforces the city-state’s personal data protection act. Legislation requires companies to notify the commission and affected individuals of a data breach if it involves the personal data of 500 or more people.

A spokesperson from the commission told CNBC that it’s aware of the incident and is investigating the matter.

A Lazada spokesperson pointed to the statement on Friday when asked if there have been any updates on its investigations into the security breach.

On its website, Lazada said the affected database was not linked to any of its current database.

RedMart saw a surge in usage this year as more people turned to online grocery shopping when the coronavirus pandemic first erupted and Singapore went into a partial lockdown. Online grocery sales on the platform jumped four times after the city-state introduced movement restrictions from early April.

Source link




How did coronavirus get transferred from animals to humans? Scientists may have an answer : Health

Excerpts:By comparing the patterns of mutations from the new coronavirus to other known viruses, researchers have been able to create an evolutionary history...

Coinbase’s crypto holdings jumped ninefold last year as bitcoin surged

Brian Armstrong, co-founder and chief executive officer of Coinbase Inc.David Paul Morris | Bloomberg | Getty ImagesCoinbase isn't just enabling the trading of...

2021 Ford Mustang Mach-E First Drive | Electric range, performance, pricing, features

Like a summer tentpole movie that the studio won’t shut up about, certain cars can hardly live up to their marketing hype. That...

Stock falls after cautious guidance

A Deliveroo rider's bike near Victoria station on March 31, 2021 in London, England.Dan Kitwood | Getty ImagesLONDON — Shares of British food...

Apple CEO Tim Cook praises Dreamer bill, urges Congress to pass it

Apple CEO Tim Cook speaks during the Time 100 Summit event on April 23, 2019, in New York.Don Emmert | AFP | Getty...