Southeast Asian food delivery service provider Eatigo confirmed a massive data breach involving unauthorized access to its customer database.
According to the company, around 2.8 million Eatigo accounts were illegally accessed in the breach from 18 months ago, and the stolen data included personal names, email addresses, and phone numbers.
Eatigo clarified that account passwords are protected by encryption and are safe from the breach. In addition, the company doesn’t store credit card information in its system, which is why customers are safe from further credit exposure.
It was not Eatigo that confirmed the number of accounts affected; rather, a post on a hacker’s forum said that 2.8 million user accounts had been put up for sale. The post also said the accounts were from Singapore, Hong Kong, and Thailand.
The same post was from the hacker who stole RedMart customer data. The breach was confirmed by a Lazada spokesperson on Friday, Oct. 30. With this information, Eatigo immediately took action and made the incident public on the same day.
The company also urged all customers and users to reset their passwords as a precautionary measure. “Your Eatigo account password is encrypted and remains safe,” the company assured customers in an email.
Eatigo also apologized for the unsettling news and the inconvenience to customers. “We have established a dedicated support system that you can reach out to for support on this matter,” added the online food delivery service provider.
Bluffing
Contrary to Eatigo’s announcement that users’ passwords and credit information are encrypted, the hacker’s post said otherwise. The forum post stated that the compromised database includes customer names, email IDs, passwords, phone numbers, addresses, gender, Facebook IDs, and token.
Given this, security experts claim that the hacker is either bluffing to get the attention of affected companies or possibly phishing for information on the database. Other companies mentioned in the data dump haven’t confirmed the breach.
Meanwhile, some customers have already taken immediate action to change their passwords and deactivate their accounts altogether. Eatigo also said the information accessed by hackers was from the old database, which was last updated in 2018 and is no longer in use.
The service provider said it is in the process of conducting security checks and investigations, and claims that not all 2.8 million customers were affected. Eatigo also said it will collaborate with the relevant authorities on the matter and reach out to customers possibly affected by the breach.
The Personal Data Protection Commission (PDPC) said it was aware of the situation, as Eatigo had notified it, and is also conducting a series of investigations.