Involved a RedMart-only database.
E-commerce platform provider, Lazada discovered a data security incident in Singapore. According to the company the breach was found during its “proactive monitoring”, by its “cybersecurity team”. The discovered data security incident in Singapore, involved a RedMart-only database hosted on a third-party service provider.
The customer data hosted on this database is more than 18 months out of date as it was last updated in March 2019.
The customer information that was illegally accessed include the names, phone numbers, emails, addresses, encrypted passwords, and partial credit card numbers of RedMart customers.
In statement Lazada said, it has “taken immediate action to block unauthorised access to the database. This data was used on the previous RedMart app and website, which are no longer in use”. “Lazada customer data in Southeast Asia is not affected by this incident. Protecting the data and privacy of our users is of utmost importance to us,” stated Lazada. “Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.
We want to be transparent about this incident with all of our customers and reassure you that we are taking it seriously.”
Etay Maor, chief security officer at IntSights commented said cyber criminals make their money in different ways.
“Some through targeting individuals using different scams, others utilise ransomware while some access databases and sell them in underground forums,” he said. “These databases are similar in format and data types to the Lazada/RedMart database which was recently discovered.”
According to Maor while companies need to make best efforts to prevent, detect and mitigate such breaches, consumers should be aware that there is no silver bullet to stop cyber criminals.
“This incident shows that they should keep to basic cyber hygiene best practices,” he said. “Never reuse the same password on multiple websites if there is an option to opt in to two factor authentication – do so.
Keep track of your credit card statements and watch out for purchases you did not make. Always update and patch your systems with the latest operating system and security updates.”
Tags: Lazada