Carousell faces data breach, database of 2.6 million users including Malaysians allegedly sold for USD 1,000

eCommerce platform Carousell has been hit by a data breach that allegedly occurred on 14th October. A database containing contact details of 2.6 million users was put on sale on an online forum for USD 1,000 (about RM4,738). According to Channel News Asia, Carousell alerted its affected customers by email on Friday (21st October).

From the looks of it, the seller of the database is only offering five copies and the individual claims to have sold two copies as of 18th October 2022. The database claims to be 2GB in size containing 5.5 million records but is filtered down to 2.6 million records with unique emails. The seller has also provided sample data containing 1,000 records and it appears to contain several Malaysian and Indonesian users based on the country field. The records contain the account creation date, username, first and last name, email address, telephone, country and also the number of followers and following.

AsiaOne reported that the data was compromised after a bug was introduced during a system migration and used a third party to gain unauthorised access. Carousell said the bug has been fixed and assured that no credit card or payment-related information was compromised.

Since the leaked data contain contact details, it could be potentially used for spam and phishing attempts. Carousell said it has contacted all affected users and advised them to look out for any phishing emails or SMSes, and not to respond to any communications that ask for information such as their passwords.

We have reached out to Carousell to find out more about the impact of the data breach on Malaysian users.

[ SOURCE 2 ]

Related reading

• Telegram attacks: How to know if your account is compromised and how to improve security
• Budget 2023: Malaysia allocates RM73 million to tackle cybersecurity threats, improve cyberforensic system capabilities
• Website offering personal data allegedly obtained from JPN and MySejahtera surfaces online
• CyberSecurity Malaysia CEO: No such thing as 100% secure from cyber threats, but crucial to know how to act and recover once attacked

Share on Google Plus

About admin

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.