You are here
Personal information of 1.1 million RedMart accounts stolen in Lazada data breach
[SINGAPORE] The personal information of 1.1 million RedMart accounts was stolen from a customer database and put up for sale in an online forum, including names, encrypted passwords, phone numbers and partial credit card numbers. (see amendment note)
A Lazada spokesperson confirmed the data breach in a CNA article on Friday. E-commerce company Lazada owns homegrown grocery delivery service RedMart.
In a statement, the spokesperson said the stolen information was from a Redmart-only database that had not been updated since more than 18 months ago last March. It is not linked to any Lazada database.
He added that the company's cybersecurity team discovered an individual claiming to be in possession of the information, and immediate action has been taken to block unauthorised access to the database.
Lazada is investigating the data breach, and has informed the Personal Data Protection Commission (PDPC) of the breach.
The company is also in the process of reaching out to all affected customers to remind them to change their log-in details as a safety precaution.
According to the CNA article, the information had been listed on a website claiming to have personal data from various e-commerce platforms around the world for sale.
The Straits Times has reached out to Lazada and the PDPC for comment.
THE STRAITS TIMES
Amendment note: An earlier version of this article stated that 1.1 million users were affected. Lazada has since confirmed that 1.1 million accounts, not users, were affected.