The second-hand trading platform Carousell was exposed to a large number of user data leaks, affecting as many as 2.6 million accounts. It is reported that leaked user information can be purchased on the dark web for only HK$8,000.
Some users received a notification from Carousell that due to an error during the system migration process, a third party took some user data without authorization. Include email address and registered mobile number. Carousell emphasizes that the user does not need to take any action and the account can still be used.
Carousell said that this time, sensitive information such as the user’s ID number was not leaked, and it is judged that only the currently leaked personal data category is unlikely to lead to the fraudulent use of the user’s identity. However, the leakage of users’ mobile phones and email addresses can easily become the target of phishing. Users are reminded to be vigilant against unknown calls, text messages and emails.
Founded in 2012, Carousell Rotary Auctions is headquartered in Singapore and focuses on the secondary market in Malaysia, Indonesia, the Philippines, Taiwan, Hong Kong and Macau. After several rounds of financing, it is currently valued at $1.1 billion. He was involved in the e-commerce fraud controversy in 2018. The Singapore police said that more than 70% of electronic fraud cases that year were related to carousell.
source:The Online Citizen