Carousell users' personal data including mobile numbers leaked in security breach

No credit card or payment-related information was compromised.

Kayla Wong | October 21, 2022, 06:49 PM

Follow us on Telegram for the latest updates:

Online marketplace Carousell has been hit by a personal data security breach, exposing users' registered mobile numbers and email addresses.

However, Carousell assured users that no credit card and payment-related information was compromised.

In addition, no one else would be able to log into the affected Carousell accounts as no password-related information was compromised.

Security breach confirmed a week ago

Users were informed of the data breach in an email sent on Friday (Oct. 21). Carousell said the security breach was confirmed last Friday (Oct. 14).

According to the online e-commerce platform, the security breach occured as a result of a bug that was introduced during a system migration.

The bug was then used by a third party to gain unauthorised access to personal data of certain users in Singapore.

Carousell said they have taken actions in connection with this issue and have fixed the bug to prevent any further unauthorised access to personal information, adding that they are also working on security enhancement features to prevent similar events from happening in the future.

They added that it's unlikely the incident will result in identity thefts for affected users, as their NRIC numbers were not exposed.

However, they warned of a potential risk of users being more susceptible to phishing attempts, as a result of their mobile numbers and email addresses being leaked.

Carousell said they have notified law enforcement officials including the Personal Data Commission of Singapore and are assisting them with investigations.

Top image via Carousell & Towfiqu barbhuiya/Unsplash