What happened in the Lazada Redmart data breach?
Twingate Team
•
May 13, 2024
In October 2020, Lazada's online grocery platform, RedMart, experienced a data breach that became public. The breach was discovered during regular proactive monitoring by the company's cybersecurity team and was linked to an outdated database. The compromised data included personal information from a significant number of user accounts. Lazada has reported the incident to Singapore's Personal Data Protection Commission and is in touch with other relevant authorities.
How many accounts were compromised?
The breach impacted data related to approximately 1.1 million individuals.
What data was leaked?
The data exposed in the breach consisted of email addresses, names, partial credit card information, passwords, phone numbers, and physical addresses.
How was Lazada Redmart hacked?
The data breach at Lazada's RedMart platform occurred when an unidentified threat actor gained unauthorized access to RedMart's cloud on Amazon Web Services (AWS) via a compromised staff account. The actor exfiltrated a database containing the personal data of around 898,791 individuals. This database was not encrypted and did not have any password authentication requirement for access. The breach led to unauthorized access to a "RedMart-only database" that was hosted on a third-party service provider and was more than 18 months out of date.
Lazada Redmart's solution
In response to the data breach, Lazada RedMart took several measures to enhance their security and prevent future hacking incidents. They deleted the compromised user account and implemented a forced logout and password reset for all affected customers and sellers. Additionally, they took steps to prevent the recurrence of such incidents by implementing database authentication for all databases containing personal data and restricting access to sensitive databases.
How do I know if I was affected?
Lazada RedMart reached out to affected users to inform them about the breach. If you are a RedMart customer and have not received a notification, you can visit Have I Been Pwned to check if your credentials were affected.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For specific advice on Lazada Redmart's data breach, reach out to their customer support through the Contact Us page, which provides options for chat and hotline assistance.
Where can I go to learn more?
If you want to find more information on the Lazada Redmart data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Lazada Redmart data breach?
Twingate Team
•
May 13, 2024
In October 2020, Lazada's online grocery platform, RedMart, experienced a data breach that became public. The breach was discovered during regular proactive monitoring by the company's cybersecurity team and was linked to an outdated database. The compromised data included personal information from a significant number of user accounts. Lazada has reported the incident to Singapore's Personal Data Protection Commission and is in touch with other relevant authorities.
How many accounts were compromised?
The breach impacted data related to approximately 1.1 million individuals.
What data was leaked?
The data exposed in the breach consisted of email addresses, names, partial credit card information, passwords, phone numbers, and physical addresses.
How was Lazada Redmart hacked?
The data breach at Lazada's RedMart platform occurred when an unidentified threat actor gained unauthorized access to RedMart's cloud on Amazon Web Services (AWS) via a compromised staff account. The actor exfiltrated a database containing the personal data of around 898,791 individuals. This database was not encrypted and did not have any password authentication requirement for access. The breach led to unauthorized access to a "RedMart-only database" that was hosted on a third-party service provider and was more than 18 months out of date.
Lazada Redmart's solution
In response to the data breach, Lazada RedMart took several measures to enhance their security and prevent future hacking incidents. They deleted the compromised user account and implemented a forced logout and password reset for all affected customers and sellers. Additionally, they took steps to prevent the recurrence of such incidents by implementing database authentication for all databases containing personal data and restricting access to sensitive databases.
How do I know if I was affected?
Lazada RedMart reached out to affected users to inform them about the breach. If you are a RedMart customer and have not received a notification, you can visit Have I Been Pwned to check if your credentials were affected.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For specific advice on Lazada Redmart's data breach, reach out to their customer support through the Contact Us page, which provides options for chat and hotline assistance.
Where can I go to learn more?
If you want to find more information on the Lazada Redmart data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Lazada Redmart data breach?
Twingate Team
•
May 13, 2024
In October 2020, Lazada's online grocery platform, RedMart, experienced a data breach that became public. The breach was discovered during regular proactive monitoring by the company's cybersecurity team and was linked to an outdated database. The compromised data included personal information from a significant number of user accounts. Lazada has reported the incident to Singapore's Personal Data Protection Commission and is in touch with other relevant authorities.
How many accounts were compromised?
The breach impacted data related to approximately 1.1 million individuals.
What data was leaked?
The data exposed in the breach consisted of email addresses, names, partial credit card information, passwords, phone numbers, and physical addresses.
How was Lazada Redmart hacked?
The data breach at Lazada's RedMart platform occurred when an unidentified threat actor gained unauthorized access to RedMart's cloud on Amazon Web Services (AWS) via a compromised staff account. The actor exfiltrated a database containing the personal data of around 898,791 individuals. This database was not encrypted and did not have any password authentication requirement for access. The breach led to unauthorized access to a "RedMart-only database" that was hosted on a third-party service provider and was more than 18 months out of date.
Lazada Redmart's solution
In response to the data breach, Lazada RedMart took several measures to enhance their security and prevent future hacking incidents. They deleted the compromised user account and implemented a forced logout and password reset for all affected customers and sellers. Additionally, they took steps to prevent the recurrence of such incidents by implementing database authentication for all databases containing personal data and restricting access to sensitive databases.
How do I know if I was affected?
Lazada RedMart reached out to affected users to inform them about the breach. If you are a RedMart customer and have not received a notification, you can visit Have I Been Pwned to check if your credentials were affected.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For specific advice on Lazada Redmart's data breach, reach out to their customer support through the Contact Us page, which provides options for chat and hotline assistance.
Where can I go to learn more?
If you want to find more information on the Lazada Redmart data breach, check out the following news articles:
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions