Alibaba-owned e-commerce platform Lazada announced that a section of the company was hacked, causing 1.1 million customer accounts to be exposed. Among the leaked information are the account names, phone numbers, partial credit card numbers, and encrypted passwords.
On Thursday last week, the cybersecurity team of Lazada identified illegal access to a customer database for RedMart, an online grocery delivery service company. Lazada said that the breached data was customer information that was “more than 18 months out of date,” which was not linked to any Lazada database.
The hackers were only able to gain access to the RedMart-only database that was featured in the old RedMart application and website. According to the company, the database was updated until March 2019, further testifying that the data included only 18 months. They also assured that the hacking incident did not affect current Lazada users.
Lazada added that their cybersecurity team detected a user claiming that the information was his, hence, taking immediate action to block the unauthorized access to the company’s database.
Channel News Asia, which is based in Singapore, first reported the news. The network said they could access an online forum that “was purportedly selling personal data.” It includes the name, contact numbers, email, and passwords from various online shopping sites globally, including Lazada’s stolen data.
It was also reported that affected individuals were logged out of their existing accounts. Some were prompted to have a password reset before logging in, to which Lazada said they blocked immediately.
“Protecting the data and privacy of our users is of utmost importance to us. Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.”Lazada
Since Lazada’s feature did not include collecting complete credit card digits and CVV, the Alibaba-owned company attested that the detail exposed won’t affect the users’ credit and claimed it is “generally safe.” Moreover, they already asked their users to vigilantly monitor their respective accounts and beware of any unauthorized transactions.
Lazada has already sent email notifications to the affected customers. The company has already brought the issue to the Personal Data Protection Commission (PDPC), and they are already in the process of investigating the data breach.