2022 Carousell Data Breach 44K Users Affected & 2.6M Data Sold.
In today’s digital age, the threat of a data breach and cyber attacks is a constant concern for both businesses and consumers. Unfortunately, in 2022, popular online marketplace Carousell fell victim to not one, but two data breach incidents, putting the personal information of thousands of users at risk.
Carousell, has quickly become a go-to platform for buying and selling a variety of goods and services in Singapore and beyond. With over 250 million listings and a user base of millions, it has become a household name in the e-commerce world.
However, in January 2022, Carousell notified the Personal Data Protection Commission (PDPC) of a data breach affecting 44,477 individuals across Singapore, Malaysia, Indonesia, Taiwan, and the Philippines.
The breach was a result of a vulnerability in one of Carousell’s third-party service providers, allowing unauthorized access to users’ personal data, including names, email addresses, and mobile numbers. While financial information was not compromised, the breach still raised concerns among users about the security of their data.
In addition to the data breach, Carousell also discovered that personal information of at least 2.6 million users had been sold on the dark web. The information included usernames, email addresses, encrypted passwords, and phone numbers.
Carousell stated that this was an unrelated incident, and that the data was likely obtained from previous breaches on other platforms. However, the fact that the data was being sold on the dark web raised questions about Carousell’s data security measures.
The news of the data breaches sparked outrage and concern among Carousell users, with many taking to social media to express their frustrations and demand answers from the company. In response, Carousell released a statement apologizing for the breaches and reassuring users that they were taking immediate action to strengthen their security protocols.
The company also reached out to the affected users, providing them with guidance on how to secure their accounts and offering free credit monitoring services. They also reported the incidents to the relevant authorities and conducted a thorough investigation to identify any potential vulnerabilities in their system.
While the breaches were a significant blow to Carousell’s reputation, the company’s swift response and transparency in handling the situation were commendable. In a time where data breaches are becoming more common, it is crucial for companies to prioritize the security of their users’ personal information and have a solid plan in place to handle any potential breaches.
The Carousell data breaches serve as a reminder to both businesses and consumers of the importance of data privacy and security. As consumers, it is essential to regularly change passwords, use strong and unique passwords, and be cautious about sharing personal information online. As businesses, it is crucial to implement robust security measures and regularly conduct risk assessments to ensure the safety of customers’ data.
In conclusion, the 2022 Carousell data breaches were a wake-up call for the company and its users, highlighting the need for constant vigilance and proactive measures to protect against cyber threats.
While the incident may have caused some damage to Carousell’s reputation, their swift and transparent response is a step in the right direction towards rebuilding trust with their users and strengthening their security protocols.