Investigation underway after data breach exposes Carousell users’ email addresses, mobile numbers
An investigation is underway over a data breach of online marketplace Carousell that exposed personal information of users.
The Personal Data Protection Commission (PDPC) issued a statement on Friday saying it was aware of the incident and had “commenced investigations”.
In response to queries, a Carousell spokesman said the breach led to users’ email addresses, mobile numbers and dates of birth being exposed.
The spokesman did not say how many users were affected by the breach.
Carousell had informed affected users on Friday evening that their data was compromised after a bug was introduced during a system migration and was used by a third party to gain unauthorised access to the personal data.
“We have taken action in connection with this issue and have fixed the bug to prevent any further unauthorised access to personal information,” said its spokesman.
When asked why affected users were only informed a week after the breach, the spokesman said the platform had prioritised finding the source of the issue.
“At the point of discovery, our priority was to ensure that the source of the issue had been resolved, and to size the impact of the breach to notify the Personal Data Commission of Singapore,” said the Carousell spokesman.
“Subsequently, our team also spent time dissecting the data in order to give complete information to our affected users, which is to identify for each user, what kind of data was affected.
“We sent out this alert as soon as we could.”
The spokesman added that Carousell had contacted all affected users and advised them to look out for any phishing emails or SMSes, and not to respond to any communications that ask for information such as their passwords.
It also assured users that no credit card and payment-related information was compromised.
“Protecting our users’ personal information has been and will always be of utmost importance to us.
“We are committed to providing our community with a safe shopping environment, we deeply regret this incident and would like to share our sincerest apologies,” added the Carousell spokesman.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now
