Member-only story
Singaporean Matters: Carousell Personal Data Breach
e-Commerce platform Carousell experienced a personal data leak on 14 October 2022, and according to their investigations, users registered email address, registered mobile number, and date of birth were exposed to hackers.
In their email notifications to users, Carousell has downplayed the severity of the incident and informed its users that based on the “type of data that was affected, it is unlikely that this incident will result in an identity theft as it does not include information like your NRIC number.”
While this is true, it is not the complete truth!
Professional hackers do not rely on one source of information to launch their attacks — they combine information from multiple hacks. And, now that they have your date of birth, contrary to what Carousell wants you to think, you are now at higher risk of being a victim of identity theft and fraud. This is because your date of birth is not readily available online, hence this piece of information is often used by organizations to verify your identity.
What now?
The bad news is that the data from the leak is already being sold on the dark web. At the time of this blog, the hackers have confirmed that two copies had already been sold. It…
