Nearly two million client details were revealed as a result of the hacking of Carousell, a buy-and-sell online marketplace frequented by about four out of ten Singaporeans. Additionally, it’s not clear how long the data was available to the hackers.
When was Carousell hacked?
On October 21, the firm informed a local news website, TODAY, of the incident. Carousell reportedly blamed the incident on the previous week, which revealed the mobile phone numbers and email addresses of 1.95 million clients.
Although it appears that the company was compromised as early as May, a post on the hacker forum BreachForums dated October 12, two days before Carousell claims the breach occurred, makes this allegation.
A sample file of user data was published to the forum for possible purchasers, who were quoted the data haul at a rate of “$1,000/5 copies,” according to the hacker post, which also claims that 2GB of information was obtained.
If a consumer had given this information to Carousell, it would have also been impacted, along with other personally identifying data like date of birth.
Such information is frequently sold by cybercriminals on dark web forums, where it can be bought by their allies to support additional online crimes like phishing or social engineering email scams.
Phone numbers can also be utilized to support similar con techniques, with cybercriminals making calls using a method called “vishing” in an effort to further deceive victims into handing over their money.
Clients informed- no credit card info’ compromised
Carousell notified clients of the breach in its cybersecurity hack, but stated that no credit card information was stolen, saying, “We warn all of our users to be on the watch for any phishing emails or SMSes.”
You can rest confident that no credit card or payment-related information was stolen if you’ve utilized our in-app payment tool as a buyer or seller, it said.