Carousell investigating how many Malaysians affected by data breach

By Christopher Fam

According to Carousell, the flaw that caused the breach has since been fixed. — CHRISTOPHER FAM/The Star

PETALING JAYA: Following the discovery that the data of 2.6 million Carousell users had been uploaded to an online forum for sale, the ecommerce platform has confirmed that Malaysian users were affected by the data breach.

"We are still investigating the total number of impacted accounts, rest assured we will notify the affected users as soon as we can," a Carousell spokesperson said in a statement to LifestyleTech.

The database was first uploaded on Oct 12 and was claimed to include the usernames, full names, email addresses, phone numbers, country code, and number of users followed and followers, along with the registration date of the accounts.

The data was sold for US$1,000 (RM4,720), with the uploader claiming that only five copies of it would be made available, all of which have been sold.

Carousell confirmed the breach on Oct 14, and began notifying affected users last Friday (Oct 21).

“At the point of discovery, we did not have full details yet.

“Our initial priority was to ensure that the vulnerability had been isolated and contained, and to size (up) the impact of this leak to notify the Personal Data Protection Commission of Singapore.

“We did so on Oct 17, 2022,” the spokesperson said.

The company is “dissecting the data” in order to give complete information to affected users, including identifying which users were affected and what type of data was stolen.

According to the initial statement issued by Carousell, the bug that caused the incident has since been resolved.

"Based on our investigations, a bug was introduced during a system migration and was used by a third-party to gain unauthorised access to personal data of certain users in Singapore.

"We have taken action in connection with this issue and have fixed the bug to prevent any further unauthorised access to personal information," the company said in a statement.

In the statement, Carousell users were also told to watch out for possible phishing emails or text messages. They were urged not to answer any messages that asked for personal information or passwords.

×

Related stories:

Forty-five million Malindo Air passenger records from 2019 data leak allegedly uploaded online

Payment gateway provider iPay88 says ‘cybersecurity incident’ may have compromised users’ card data

Netizens express concern over online sales of Malaysian phone numbers (Updated with Shopee’s response)

Malaysians’ personal data allegedly being sold openly on the Internet (Update: Site is down)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Report it to us.

Next In Tech News
Microsoft profit, revenue beat estimates, shares jump over 4%
Google parent Alphabet announces first-ever dividend, shares soar
Health conglomerate Kaiser notifies millions of a data breach
Intel forecasts second-quarter revenue below estimates, shares fall
Snap beats first-quarter expectations, shares jump 25%
T-Mobile raises forecast for subscriber additions on demand for its discounted plans
Crypto firm Consensys sues US SEC over Ethereum regulation
Warner Bros Discovery to launch data platform for better ad-targeting
Reddit back up after brief outage affected thousands globally
Microsoft-backed Rubrik's stock jumps 21% in NYSE debut

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.