Southeast Asian e-commerce company Lazada spotted a data breach which led to the exposure of customers' personal details in Singapore.
Lazada’s cybersecurity team found illegal access to a customer database for RedMart, the online grocery delivery service in Singapore. Lazada reported the information contained in the database was “more than 18 months out of date.”
According to the Alibaba-owned company, the database was processed by the now decommissioned RedMart app and website and was hosted on a third-party service provider.
Lazada acquired RedMart in late-2016 and last March, it merged the grocery delivery service with its own app and website.
Singapore’s Channel News Asia first revealed Lazada data breach. The report said it accessed an online forum which “was purportedly selling personal data," including names, telephone numbers, email, and passwords from different e-commerce sites around the world, including the stolen details from Lazada.
CNBC could not verify the contents of the online forum. However, Lazada told CNBC that there were personal information from 1.1 million RedMart accounts that have been compromised.
The details that were illegally accessed included names, phone numbers, addresses, encrypted passwords, and partial credit card numbers of RedMart customers.
The customers that were affected were logged out of their existing accounts and were advised to reset their password before logging in. Lazada noted it blocked access to the database immediately.
“Protecting the data and privacy of our users is of utmost importance to us,” Lazada said in a statement on Friday. “Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.”
The company reported the issue to Singapore’s Personal Data Protection Commission, which implements the city-state’s personal data protection act. Companies are required to advise the commission and affected individuals of a data breach if it involves the personal data of 500 or more people.
In June, Lazada reported that its online grocery sales in Singapore increased due to the coronavirus pandemic.
RedMart currently caters to around 65 million active consumers on its platforms across six different markets in Southeast Asia.
James Chang, chief executive officer of Lazada Singapore, reported that RedMart’s unique visitors on daily have jumped more than 11 times.
The company experienced a “pretty tough time” trying to provide customers quality service during the peak period, Chang said during an interview with CNBC’s “Squawk Box” on Tuesday.
Cyberattacks
Cyberattacks have become prevalent especially nowadays when people are opting for online shopping and cashless transactions.
School payments service provider WisePay has reported that its website has fallen victim to a cyberattack between October 2 and October 5.
The cyberattack involved creating a spoof page, which allowed the attacker to gather the payment details of parents who made payments using WisePay to UK schools during that period. According to the firm, the attack affected attempted payments to about 300 schools.
However, WisePay claims that only a small number of parents would have used its system before it was taken offline.
Richard Grazier, managing director at the payments firm, said the type of cashless payments made, including exam fees and school meals. would not be done on a daily basis. He claimed: “Actually, it’s quite a small subset of users of the platform.”
The cyberattack was done on a Friday night and was not detected until the following Monday morning at 10:00 BST. Grazier said that upon detection of the attack, Wisepay’s website was taken down.
