© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Singapore sales portal hacked, leaving two million customers exposed to cyber fraud


Carousell, a buy-and-sell digital platform used by around four in ten Singaporeans, has been hacked, leaving almost two million customer details exposed. Furthermore, it’s unclear just how long the data was accessible.

The breach was disclosed by the company to a local media news site TODAY on October 21. According to the news outlet, Carousell attributed the breach to the previous week, leaving 1.95 million customers’ mobile phone numbers and email addresses exposed.

However, a post on hacker platform BreachForums dated October 12, two days before Carousell says the breach took place, appears to claim that the company was infiltrated as far back as May.

The hacker post also says 2GB of information was accessed, with a taster file of user data uploaded to the forum for potential buyers, who were quoted the data haul at a rate of “$1,000/5 copies.”

Carousell
Screenshot of dark web posting offering Carousell data breach for sale

Other personally identifying information, such as date of birth, would also have been affected, assuming a customer supplied this to Carousell.

Cybercriminals often sell such details on dark web forums, where they can be purchased by their cronies to facilitate further online crimes, including phishing or social engineering scams deployed via email.

Phone numbers can also be used to bolster such con tricks, wth cyber crooks placing calls, a technique known as “vishing,” in further efforts to dupe victims into parting with their money.

“We advise all of our users to be on the lookout for any phishing emails or SMSes,” said Carousell, which reached out to customers to inform them of the violation of its cybersecurity but insisted that no credit card details were compromised.

“For users who have used our in-app payment feature, either as a buyer or seller, please be assured that no credit card and payment-related information was compromised in this incident,” it added.

Carousell says it has fixed the bug, which it believes was “introduced” to its systems during “a system migration” by an unspecified “third party.”

The company added that the victims of the breach were unlikely to have their identities stolen as a result, as the national identity card numbers that are used in Singapore were not exposed.


More from Cybernews:

Millions of .git folders exposed to public

Quantum computing developer: we know exactly how to scale

Metaverse "no longer exists"

Nightmare Before Streaming: common dangers of illegal streaming

Digital home cameras create doorstep police state for delivery workers, study warns

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked