Lazada just admitted to a data breach involving their RedMart customer database that could affect some 1.1 million customers!
Find out what happened, and what it could mean for Lazada and RedMart customers!
Lazada RedMart : What Is It?
RedMart is an online grocery platform in Singapore that was founded in August 2011.
Lazada acquired RedMart in November 2016, and started to integrate it into their platform in March 2019.
This March 2019 date is important, because that was when the RedMart database was last updated.
Lazada RedMart Data Breach : What Happened?
The Lazada RedMart database was spotted for sale in an online forum, amongst many other databases stolen from other e-commerce websites.
In this screenshot, you can see that it claims to have details on 1.1 million Lazada RedMart customers :
- Email address
- Mailing address
- Phone number
- Partial credit card information
In a statement posted on 30 October 2020, Lazada confirmed the data breach involving their RedMart database.
They assert that the breach involved only the old RedMart database, which was “18 months out of date”, having last been updated in March 2019.
Singapore, 30 October 2020 – Lazada places great importance on protecting your personal information, and we value the trust you have placed with us. On 29 October 2020, as part of our proactive monitoring, our cybersecurity team discovered a data security incident in Singapore, involving a RedMart-only database hosted on a third-party service provider. The customer data hosted on this database is more than 18 months out of date as it was last updated in March 2019.
The customer information that was illegally accessed include the names, phone numbers, emails, addresses, encrypted passwords and partial credit card numbers of RedMart customers. We have taken immediate action to block unauthorised access to the database. This data was used on the previous RedMart app and website, which are no longer in use. Lazada customer data in Southeast Asia is not affected by this incident.
Protecting the data and privacy of our users is of utmost importance to us. Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.
We want to be transparent about this incident with all of our customers and reassure you that we are taking it seriously.
They also set their platform to log out all Lazada users, and require them to register a new password.
They are also warning their users to be on the alert for spam mails requesting personal information.
Lazada RedMart Data Breach : What’s The Implication?
A Data Breach Is A Data Breach Is A Data Breach
Lazada may claim that the data and privacy of their users are of the utmost importance, but the data breach says otherwise.
They left a database they had not used since March 2019 on a third-party service provider, accessible online all this time.
Any half-decent cybersecurity specialist would have told them to take the database offline, unless it was essential to the operation of the website.
Closing The Barn Door After The Horses Have Bolted
Lazada immediately blocked unauthorised access to their RedMart database, but that’s like closing the barn door after the horses have bolted.
Once the data was stolen, all that blocking access does is prevent other attackers from stealing the data for themselves.
Lazada Migrated RedMart Users In March 2016
It seems a little disingenuous for Lazada to announce that the data was used in “the previous RedMart app and website, which are no longer in use”.
They appear to have migrated RedMart users to Lazada on 15 March 2016 using the same data that was just stolen.
Unless RedMart users changed their passwords, addresses, phone numbers, email addresses or credit card details AFTER they were migrated to the Lazada platform, they remain exposed by the data breach.
The Data Isn’t Necessarily Outdated
Most of us don’t change our logins and passwords that often. And we often reuse the same login and password combination for different websites.
So it is scant assurance that their RedMart database was last updated in March 2019, even if we take their word that it was more than 18 months out of date.
This data breach exposes all affected RedMart users to the possibility of their other accounts being breached as well.
Only Ex-RedMart Users Affected
The only saving grace we can see here is that it looks like only former RedMart users are affected by this data breach.
That means Lazada users who never registered or used the RedMart app or website are not affected.
Lazada RedMart Data Breach : What Can You Do?
If you ever registered for, or used, RedMart before their migration to the Lazada platform in March 2016, we highly recommend that you :
- change your Lazada password
- change the password of accounts that use the same password as your Lazada / RedMart account
- do NOT click on links in emails warning you about this data breach and asking you to change your password
- do NOT respond to calls or messages warning you about this data breach
- do NOT respond to requests for personal information