Carousell data breach exposes email and mobile numbers

On Friday (Oct. 21), e-commerce company Carousell informed its subscribers of a data breach that happened on Oct. 14.

The breach revealed the registered email addresses, mobile phone numbers, and dates of birth of users.

The platform notified affected consumers by email, but did not specify in the message why the notification took a week.

In response to CNA questions, a Carousell spokeswoman stated on Friday evening, “We sent out this message as quickly as we could.”

“At the time of discovery, our first priority was to confirm that the source of the problem had been fixed and to determine the scope of the breach in order to alert the Personal Data (Protection) Commission of Singapore.”

“Thereafter, our team spent hours examining the data in order to provide entire information to our affected users, i.e., to identify for each user which types of data were compromised.”

According to Carousell’s notification to impacted users, a defect introduced during a system migration was exploited by a third party to gain unauthorized access to the personal information of some Singaporean users.

Keep Reading

It stated that it has “taken action” in response to the issue and has corrected the flaw to avoid unauthorized access to personal information in the future.

Our team is currently investigating the situation and developing security enhancements to prevent future occurrences of this type of incident. We are also conducting an inquiry with the relevant authorities, added the spokeswoman.

The company regrets the event sincerely and extends its sincerest apologies, the representative continued.

In its notification to users, Carousell reassured individuals who utilized its in-app payment option that no credit card or payment-related information was compromised.

It was said that no password-related information was exposed and that the incident was unlikely to result in identity theft because it did not include users’ NRIC numbers.

The message warned that sharing your mobile number and/or email address could make you more exposed to phishing attempts.

Users have been warned to be wary of phishing emails and text messages.

“Carousell will never ask our users to share personal information via email or in-app chat, and we ask that you do not respond to any communications that request information such as your passwords,” the spokesman stated.

Carousell will introduce automated and manual review methods for any external application programming interfaces (APIs) to guarantee that personal data is not exposed to unauthorised individuals, according to the spokeswoman.

Burapha

Sawadee-khrup. I am a multicultural Thai newswriter that is always on the lookout for daily news that are intriguing and unique in my native country Thailand.

Recent Posts

Vietnam International Defense Expo 2024

The 2024 Vietnam International Defense Expo was inaugurated by the Prime Minister Pham Minh Chinh on December 19, 2024 and…

December 22, 2024

Shooting concludes: Stranger Things 5 to release on Netflix in 2025

Created by the Duffer Brothers, Stranger Things is one of the most popular sci-fi horror series globally. It is set…

December 21, 2024

China’s Hypersonic Expansion in Asia Raises Alarms for India

According to the US Department of Defense, China has now produced the most sophisticated supply of hypersonic weapons in the…

December 21, 2024

Melaka International Halal Festival 2024

The Melaka International Halal Festival 2024 aims to turn the city as the prime center of the Halal products and…

December 21, 2024

Chunichi Dragons Renews the Contract of Hiroto Takahashi with Annual Salary of 120 million yen

On Saturday, the stalwart of Chunichi Dragons Pitcher, Hiroto Takahashi attended the negotiation for his contract renewal for the next…

December 21, 2024

Biden-Harris administration cancels another $4.28 billion in US student loans

US President Joe Biden has cancelled another $4.28 billion in student loans for nearly 55,000 people across the country, the…

December 20, 2024

This website uses cookies.

Read More