ShopBack and RedDoorz Investigate User Data Leaks
Pre-e-commerce app developer and promotion curator ShopBack and hotel chain startup RedDoorz reported unauthorized access to users’ personal data. The two of them also investigate whether there is a data leak or not.
ShopBack admitted, there was an unauthorized access to the platform a few days ago. “We immediately took security measures and we removed the unauthorized access,” a company spokesman said, Monday (28/9).
The Singapore-based startup also engaged digital security specialists to study breaches. In addition, to increase the security of the platform going forward. The company is also working with the authorities to investigate the extent of the system malfunction.
Even so, he said that the user account password was encrypted. “We have also sent a notification to consumers in Indonesia regarding this matter,” he said. The company encourages users to change passwords.
“As much as possible, avoid using the same passwords used in other applications,” he said. RedDoorz also noted there was a user data breach. Even so, the company admits that its data is not as sensitive as credit cards or passwords. The leaked data includes name, email address, telephone number, address and order details.
RedDoorz Urges Users to Change the Account Access Key
A RedDoorz spokesman said the company was investigating the data leak. “We are also reviewing the entire system and protection of information technology,” he said as quoted by The Strait Times, Monday (28/9). RedDoorz has also notified users by e-mail.
In the message, RedDoorz Co-founder and CTO Kunwar Asheesh Saxena said unauthorized access had entered the company’s system since the first week of September. Kunwar urged users to change all system access keys and access credentials.
Additionally, it enables multilevel authentication. Singapore authorities are also investigating the alleged data breach. “The investigation is ongoing,” said a spokesman for the Singapore Personal Data Protection Commission, yesterday (27/9).
Earlier this month, the Singapore Personal Data Protection Commission fined Grab US $ 7,311 because the GrabHitch app update exposed the personal data of more than 21,500 users. The leaked data includes profile photos, names, user wallet balances, and vehicle license plates.
“Given that the company’s business involves processing large amounts of personal data on a daily basis, this is a significant cause for concern,” said Singapore Personal Data Protection Commission Deputy Commissioner Yeong Zee Kin as quoted by Bloomberg.
The neighboring country has personal data protection regulations, which oblige companies to apply for user consent before collecting or using personal data. If there is a violation, the corporation will be fined.
Indonesia’s Data Protection Law will be Released in Mid-November
Meanwhile in Indonesia, the draft personal data protection law or PDP Bill is still being discussed in parliament. The DPR targets that this regulation will be released in mid-November. In fact, cases of personal data leakage are rife in Indonesia. Last July, 91 million Tokopedia user data were leaked. Earlier this year, 1.2 million Bhinneka user data was suspected to have leaked.
The ShinyHunters group, which also attacked Tokopedia, sold this e-commerce consumer data for US$ 1,200 or IDR 17.9 million on the dark web. In the past year, Pakistani hackers claimed to have stolen data from hundreds of millions of accounts from 32 sites. One of them, 31 million Bukalapak user accounts.
Research by a company from the United States (US) International Business Machines (IBM) shows that cyber-attacks globally jumped 6,000% during the first quarter. In Indonesia, e-commerce is indeed the target of hackers (hackers).
However, government agencies are also said to have experienced data leaks. Data on 230 thousand patients related to Covid-19 was reportedly leaked. The Ministry of Communication and Informatics (Kominfo) and the National Cyber and Crypto Agency (BSSN) denied any data leakage.