On Friday (Oct. 21), e-commerce company Carousell informed its subscribers of a data breach that happened on Oct. 14.
The breach revealed the registered email addresses, mobile phone numbers, and dates of birth of users.
The platform notified affected consumers by email, but did not specify in the message why the notification took a week.
In response to CNA questions, a Carousell spokeswoman stated on Friday evening, “We sent out this message as quickly as we could.”
“At the time of discovery, our first priority was to confirm that the source of the problem had been fixed and to determine the scope of the breach in order to alert the Personal Data (Protection) Commission of Singapore.”
“Thereafter, our team spent hours examining the data in order to provide entire information to our affected users, i.e., to identify for each user which types of data were compromised.”
According to Carousell’s notification to impacted users, a defect introduced during a system migration was exploited by a third party to gain unauthorized access to the personal information of some Singaporean users.
It stated that it has “taken action” in response to the issue and has corrected the flaw to avoid unauthorized access to personal information in the future.
Our team is currently investigating the situation and developing security enhancements to prevent future occurrences of this type of incident. We are also conducting an inquiry with the relevant authorities, added the spokeswoman.
The company regrets the event sincerely and extends its sincerest apologies, the representative continued.
In its notification to users, Carousell reassured individuals who utilized its in-app payment option that no credit card or payment-related information was compromised.
It was said that no password-related information was exposed and that the incident was unlikely to result in identity theft because it did not include users’ NRIC numbers.
The message warned that sharing your mobile number and/or email address could make you more exposed to phishing attempts.
Users have been warned to be wary of phishing emails and text messages.
“Carousell will never ask our users to share personal information via email or in-app chat, and we ask that you do not respond to any communications that request information such as your passwords,” the spokesman stated.
Carousell will introduce automated and manual review methods for any external application programming interfaces (APIs) to guarantee that personal data is not exposed to unauthorised individuals, according to the spokeswoman.
The 2024 Vietnam International Defense Expo was inaugurated by the Prime Minister Pham Minh Chinh on December 19, 2024 and…
Created by the Duffer Brothers, Stranger Things is one of the most popular sci-fi horror series globally. It is set…
According to the US Department of Defense, China has now produced the most sophisticated supply of hypersonic weapons in the…
The Melaka International Halal Festival 2024 aims to turn the city as the prime center of the Halal products and…
On Saturday, the stalwart of Chunichi Dragons Pitcher, Hiroto Takahashi attended the negotiation for his contract renewal for the next…
US President Joe Biden has cancelled another $4.28 billion in student loans for nearly 55,000 people across the country, the…
This website uses cookies.
Read More