AskCyberSecurity.com

Cyber Security News & Information

AskCyber Home » News » News » 1M Lazada RedMart accounts for sale on the dark web

1M Lazada RedMart accounts for sale on the dark web

by

Lazada Redmart confirmed customer data breach yesterday

Customer information from the Redmart data breach has been posted for sale online. the cybercriminals posted 1.1 million records containing sensitive customer account information. Lazada Says it discovered the data breach On Thursday.

“Our cyber security team discovered an individual claiming to be in possession of a RedMart customer database taken from a legacy RedMart system no longer in use by the company,” the spokesman said.

Redmart customers were notified via email on 29 October. The company also posted a data breach notice on its website.

Lazada Redmart Data Breach. Notice
Lazada Redmart Data Breach. Notice

Redmart is Singapore’s largest online grocery store. The company has about 8,000 employees and is owned by Lazada.

See The best cyber security certifications to begin a new career

Breaced Lazada RedMart Data includes:

  • email addresses
  • encrypted passwords
  • full names,
  • phone numbers
  • physical mailing addresses
  • billing addresses
  • partial credit card numbers and their expiration dates

Lazada said that current customer data is not affected.

“Our cyber security team discovered an individual claiming to be in possession of a Redmart customer database taken from a legacy Redmart system no longer in use by the company,” the spokesman said “This RedMart-only information is more than 18 months out of date and not linked to any Lazada database. Hence, none of Lazada’s current customer data is affected by this data security incident.”

However, a post on Bleeping Computer disputes that claim. The sellers told them that they have customer records from May and July 2020 and supplied a few records as proof.

As a precaution Lazada has logged out all Redmart user accounts. Customers will have to create a new password to log in again. The company reported the security incident to Singapore’s Personal Data Protection Commission (PDRC) and the Singapore Police Force.

In their statement posted on the website, Lazada said that customer credit card information was generally safe as the database only retains partial credit card numbers. However, Redmart customers should monitor their payment cards and bank statements for suspicious activity.

Lazada RedMart Data Beach – How do I Protect My Money

  1. Redmartcustomers will be forced to create a new password to access their Lazada Redmart app or online account.
  2. Passwords were stolen in this data breach. Customers should change any account password that used the same password as their Redmart login. It’s very common for people to re-use the same username and password combination across multiple online accounts. That puts other accounts at risk.
  3. Monitor payment cards and bank statements for signs of fraud.
  4. Consider enrolling in identity theft protection so you will be alerted as soon as there is suspicious activity on any of your accounts

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.