November 26, 2020

Lazada RedMart leaked 1.1 million account information

2 min read

Alibaba’s e-commerce platform, Singapore e-commerce company Lazada recently announced that its subsidiary database has been hacked to reveal user information.

The data leaked in this security incident involved 1.1 million user accounts. The information leaked this time included the user’s home address and some credit card numbers, and the encrypted password information was also leaked.

It was not Lazada itself that leaked the data, but RedMart, the company’s grocery subsidiary, whose database was accessed by hackers.

According to its statement, the database of this subsidiary was last updated in March 2019, after which the database was abandoned and was not connected to the Lazada platform database.

The company did not answer why the abandoned database was not cleaned up and protect in time, and it is not clear what method the hacker used to break the database.

Fortunately, the company only saves part of the user’s credit card number and does not save the security code. In this case, the user’s data leakage should not cause credit card fraud.

Lazada stated that he has proactively contacted the Singapore Personal Data Protection Board to report the security incident and cooperated with Singapore’s law enforcement agencies to track down the attackers involved.

Singapore is also very strict about data protection. According to Singapore’s Personal Data Protection Act, if a data breach affects 500 people, it must be notified to the regulatory agency.

Such leaks of information of up to 1.1 million users are extremely rare in Singapore.

It is not yet clear how the Singapore regulator will deal with this matter, but Lazada may be punished by the regulator because of the data breach.

According to Singapore’s Personal Data Protection Act, business entities that violate the regulations can be fined up to 1 million Singapore dollars or imprisoned for 12 months.

Via: bleepingcomputer