Skip to content

Alibaba’s Redmart suffers data breach, over 1M accounts compromised

Alibaba’s Redmart suffers a data breach, over 1M accounts compromised

Almost 1.1 million accounts have been compromised after Singapore-based online grocery store Redmart suffered a data breach. The breach was confirmed by Redmart’s operator Lazada, a subsidiary of Chinese e-commerce giant Alibaba.

After the Friday breach, an unidentified individual has come forward to claim they have the breached database. The database allegedly entails customer personal information like mailing addresses, encrypted passwords, and partial credit card numbers. Notably, Lazada representatives have not confirmed the total number of accounts compromised. 

The database accessed illegally

According to Lazada, the ‘Redmart-only database’ was accessed illegally. The database was hosted on a third-party service provider and Lazada acknowledged that it was last updated in March 2019 a period when Redmart accounts were formally integrated into the Lazada system.  The database hosted personal information such as names, phone numbers, encrypted passwords, and partial credit card numbers. 

The latest breach saw Redmart customers logged out of their accounts before being promoted to reset passwords. The breach came barely a day after customers were notified of another Redmart data security incident on October 29th as part of the company’s regular monitoring. 

Lazada has maintained that its customers were not affected by the breach since it was solely on the Redmart platform. A spokesperson from the company notes that the affected database was a legacy system that was no longer in use with no links to the Lazada database. However, Lazada has not issued further information on why the database was left open and how the breach occurred.

The spokesperson further noted that the individual in possession of the database has been identified by the cybersecurity team. Immediate action has allegedly been taken to stop any further unauthorized access.

Credit card information safe

In an FAQ posted on its website, Lazada has assured that credit card information for customers was safe. The FAQ adds that:

“Nonetheless, we recommend that you keep vigilant and monitor for any unusual activity or suspicious transactions on your credit cards.”

Lazada said it had voluntarily notified the breach to the Singapore’s Personal Data Protection Commission (PDPC) as required by the law. The requirement to report suspected data breaches is contained in Singapore’s Personal Data Protection Act (PDPA). The report should be made within 72 hours and affecting more than 500 individuals. 

Lazada acquired Redmart in November 2016 and in January last year, it began plans to integrate the RedMart app into its e-commerce platform. Lazada was acquired by Alibaba in April 2016.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account?

Services

IMPORTANT NOTICE

Finbold is a news and information website. This Site may contain sponsored content, advertisements, and third-party materials, for which Finbold expressly disclaims any liability.

RISK WARNING: Cryptocurrencies are high-risk investments and you should not expect to be protected if something goes wrong. Don’t invest unless you’re prepared to lose all the money you invest. (Click here to learn more about cryptocurrency risks.)

By accessing this Site, you acknowledge that you understand these risks and that Finbold bears no responsibility for any losses, damages, or consequences resulting from your use of the Site or reliance on its content. Click here to learn more.