ONLINE classified ad platform Carousell informed its users on Friday (Oct 21) of a personal data security breach, which it confirmed took place on Oct 14.

Registered e-mail addresses and mobile numbers of certain individuals were exposed, it said.

In an e-mail sent to affected users and seen by The Business Times, Carousell also said that it wanted to assure those who had used its in-app payment feature – whether as buyers or sellers – that no credit card and payment-related details were compromised.

The e-mail made no mention of the number of users affected.

Carousell said that its investigations have found that a bug was introduced during a system-migration exercise, and was used by a third party to gain unauthorised access to the personal data of some of its Singapore users.

“We have taken actions in connection with this issue and have fixed the bug to prevent any further unauthorised access to personal information,” said the e-mail.

GET BT IN YOUR INBOX DAILY

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

Sign UpVIEW ALL

“Our team is also working on security-enhancement features to better protect our community and prevent similar events from happening in the future,” it added.

Carousell added that it has notified law enforcement officials, including the Personal Data Commission of Singapore, and is assisting them with their investigations.