Lazada Singapore was hacked, more than 1 million user accounts were sold on the dark web

Lazada's RedMart, the largest online grocery store in Singapore, has just been hacked, resulting in 1.1 million user accounts being leaked. This data is for sale on a hacker forum for $ 1,500.

Lazada is valued at billions of dollars and operates in Southeast Asian countries. In 2016, Alibaba spent $ 1 billion to acquire Lazada.

The hackers behind the attack revealed that they had retrieved data on Lazada's MongoDB. Of this data, there are more than 1.1 million RedMart user accounts.

Each leaked account included an email address, a password stored in the SHA-1 hash, phone number, shipping address, part of a credit card number, and an expiration date. However, according to the hacker, the data set is not standardized, so some customers will be exposed to more information than others.

For example, some customers are exposed to the first 6 and last 4 digits of their credit card.

On October 29, Lazada sent an email to affected customers, informing them that their information had been leaked. According to Lazada's announcement, they discovered this data leak through an active monitoring system on their network.

Lazada said the leaked data is old data, the last time it was updated 18 months ago. Lazada also reassures customers that their passwords are protected using encryption methods.

However, according to research, among the leaked data, there are new accounts registered in May and July 2020. Besides, the SHA-1 hash can be completely removed to reveal confidentiality. user's initial password.

To ensure safety, RedMart resets passwords of all exposed accounts and requires users to change passwords the next time they log in. 

BleepingComputer also recommends that users change the password of all websites that share passwords with a RedMart account.

RedMart users should also be wary of phishing emails based on leaked information. "Lazada never asks customers to verify your personal information , " Lazada wrote.

RedMart also shared that as soon as it discovered the leak, it has enhanced security measures to promptly prevent hackers from accessing data. In addition, RedMart also cooperates with law enforcement to quickly find the culprit.