E-mail addresses and phone numbers of Carousell users exposed in data breach
ONLINE classified ad platform Carousell informed its users on Friday (Oct 21) of a personal data security breach, which it confirmed took place on Oct 14.
Registered e-mail addresses and mobile numbers of certain individuals were exposed, it said.
In an e-mail sent to affected users and seen by The Business Times, Carousell also said that it wanted to assure those who had used its in-app payment feature – whether as buyers or sellers – that no credit card and payment-related details were compromised.
The e-mail made no mention of the number of users affected.
Carousell said that its investigations have found that a bug was introduced during a system-migration exercise, and was used by a third party to gain unauthorised access to the personal data of some of its Singapore users.
“We have taken actions in connection with this issue and have fixed the bug to prevent any further unauthorised access to personal information,” said the e-mail.
GET BT IN YOUR INBOX DAILY
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
“Our team is also working on security-enhancement features to better protect our community and prevent similar events from happening in the future,” it added.
Carousell added that it has notified law enforcement officials, including the Personal Data Commission of Singapore, and is assisting them with their investigations.
KEYWORDS IN THIS ARTICLE
BT is now on Telegram!
For daily updates on weekdays and specially selected content for the weekend. Subscribe to t.me/BizTimes
Startups
OpenAI, Reddit sign partnership on ChatGPT, AI products, ads
OpenAI co-founder Ilya Sutskever departs ChatGPT maker
Sea posts US$23 million Q1 loss, but investors cheer Shopee’s record revenue
Uber to buy Delivery Hero’s Taiwan business for US$950 million
SoftBank sells off Vision Fund assets as Son pivots to AI, chips
Battery swapping faces uphill climb in Singapore’s EV market