Carousell the eCommerce platform which has a presence in Malaysia has informed its users in Singapore that a data breach had occurred on October 14 with a possible leak of user names, mobile numbers, email addresses, and dates of birth.
The platform informed the users of the incident but did not explain why it took a week to convey the notification.
“We sent out this alert as soon as we could,” a Carousell spokesperson said on Friday evening in response to CNA queries.
“At the point of discovery, our priority was to ensure that the source of the issue has been resolved, and to size the impact of this breach to notify the Personal Data (Protection) Commission of Singapore.
“Subsequently, our team also spent time dissecting the data in order to give complete information to our affected users, which is to identify for each user, what kind of data was affected.”
In the notice to the users, Carousell said that based on investigation a bug was introduced during system migrating and was used by a third party to gain unathorised access to the personal data of some users in Singapore.
Users have been advised to look out for phishing emails or SMS.
