Carousell, an online marketplace, suffered a breach into their system where users’ personal data such as their phone numbers and email addresses were exposed.
Carousell issued sent an email to their users informing them of the breach and assured them that no payment or password-related information was compromised
Carousell users were informed of the breach that happened on 14 October via an email sent out on 21 October, although they didn’t mention why it took them a week to inform users.
Carousell said that the security breach happened because of a bug that was introduced during their system migration, which was then used by a third party to gain unauthorised access to users’ personal data.
Carousell added that they have fixed the bug, and any further unauthorised access to users’ personal information is now blocked.
Carousell also added that they have notified the authorities on the incident and are assisting the Personal Data Commission of Singapore with their investigations.