Skip to content

Alibaba’s Redmart suffers data breach, over 1M accounts compromised

Alibaba’s Redmart suffers a data breach, over 1M accounts compromised

Almost 1.1 million accounts have been compromised after Singapore-based online grocery store Redmart suffered a data breach. The breach was confirmed by Redmart’s operator Lazada, a subsidiary of Chinese e-commerce giant Alibaba.

After the Friday breach, an unidentified individual has come forward to claim they have the breached database. The database allegedly entails customer personal information like mailing addresses, encrypted passwords, and partial credit card numbers. Notably, Lazada representatives have not confirmed the total number of accounts compromised. 

The database accessed illegally

According to Lazada, the ‘Redmart-only database’ was accessed illegally. The database was hosted on a third-party service provider and Lazada acknowledged that it was last updated in March 2019 a period when Redmart accounts were formally integrated into the Lazada system.  The database hosted personal information such as names, phone numbers, encrypted passwords, and partial credit card numbers. 

The latest breach saw Redmart customers logged out of their accounts before being promoted to reset passwords. The breach came barely a day after customers were notified of another Redmart data security incident on October 29th as part of the company’s regular monitoring. 

Lazada has maintained that its customers were not affected by the breach since it was solely on the Redmart platform. A spokesperson from the company notes that the affected database was a legacy system that was no longer in use with no links to the Lazada database. However, Lazada has not issued further information on why the database was left open and how the breach occurred.

The spokesperson further noted that the individual in possession of the database has been identified by the cybersecurity team. Immediate action has allegedly been taken to stop any further unauthorized access.

Credit card information safe

In an FAQ posted on its website, Lazada has assured that credit card information for customers was safe. The FAQ adds that:

“Nonetheless, we recommend that you keep vigilant and monitor for any unusual activity or suspicious transactions on your credit cards.”

Lazada said it had voluntarily notified the breach to the Singapore’s Personal Data Protection Commission (PDPC) as required by the law. The requirement to report suspected data breaches is contained in Singapore’s Personal Data Protection Act (PDPA). The report should be made within 72 hours and affecting more than 500 individuals. 

Lazada acquired Redmart in November 2016 and in January last year, it began plans to integrate the RedMart app into its e-commerce platform. Lazada was acquired by Alibaba in April 2016.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in 70+ cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10.

  • Copy top-performing traders in real time, automatically.

  • Regulated by financial authorities including FCA and FINRA.

2.8 Million Users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. eToro USA LLC does not offer CFDs, only real Crypto assets available. Don’t invest unless you’re prepared to lose all the money you invest.

Read Next:

Weekly Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts