E-mail addresses and phone numbers of Carousell users exposed in data breach

ONLINE classified ad platform Carousell informed its users on Friday (Oct 21) of a personal data security breach, which it confirmed took place on Oct 14.

Registered e-mail addresses and mobile numbers of certain individuals were exposed, it said.

In an e-mail sent to affected users and seen by The Business Times, Carousell also said that it wanted to assure those who had used its in-app payment feature – whether as buyers or sellers – that no credit card and payment-related details were compromised.

The e-mail made no mention of the number of users affected.

Carousell said that its investigations have found that a bug was introduced during a system-migration exercise, and was used by a third party to gain unauthorised access to the personal data of some of its Singapore users.

“We have taken actions in connection with this issue and have fixed the bug to prevent any further unauthorised access to personal information,” said the e-mail.

SEE ALSO

Optus hack shows companies must take timely reporting of cybersecurity breaches more seriously

Carousell, Heliconia commit US$25m for majority stake in Indonesian used electronics platform Laku6

“Our team is also working on security-enhancement features to better protect our community and prevent similar events from happening in the future,” it added.

Carousell added that it has notified law enforcement officials, including the Personal Data Commission of Singapore, and is assisting them with their investigations.