Singapore’s e-commerce giant Lazada has recently disclosed a data breach affecting RedMart customers. What’s disturbing here is that the data of 1.1 million Lazada RedMart customers is now for sale on the dark web.
Lazada RedMart Data Breach
In a recent email notification to its customers, Lazada has informed them of a data breach affecting RedMart.
Elaborating further on the matter via a FAQ page, the firm’s cybersecurity team observed the breach during proactive monitoring.
The incident only involved a RedMart-only database used by the old RedMart app and site. This database, according to the firm, was updated until March 2019, hence, included data older than 18-months.
The firm has confirmed that the incident did not impact current Lazada customers.
Regarding the details of customers included in the breach, they stated,
The data security incident resulted in unauthorised access to the database which contained personal data of RedMart customers (which was last updated in March 2019), including names, phone numbers, email and mailing address, encrypted passwords, and partial credit card numbers.
Since the company did not store complete card numbers and CVV, they assure this detail as “generally safe”. Though, they have asked the customers to vigilantly monitor their account status for any unauthorized or unusual transactions.
Following the incident, the company quickly halted access to the database and started investigations. As a precaution, they have also reset the passwords for all customer accounts. Whereas, they have sent email notifications to the affected customers.
Stolen Data Up For Sale On Dark Web
While Lazada has disclosed the incident as a mere data breach, Bleeping Computer has reported more alarming details. As revealed, the data stolen from this breach has been put up for sale on the dark web for $1500.
The hackers reportedly accessed the unsecured MongoDB database to pilfer the 1.1 million customers’ records.
As claimed by the hackers, the database included details up to July 2020, hinting that Lazada has seemingly downplayed the incident.
Lazada hasn’t commented anything on discrepancy until the time of writing this article.