About 2.6M Carousell user accounts are sold on the dark web

October 25, 2022
Carousell Data Leak User Accounts Dark Web Hacking Forum Fraud Prevention Hacked

Recent dark web exposes reveal that the popular online marketplace ‘Carousell’ has suffered from a hack that resulted in its database of user accounts being stolen and sold on underground forums. The hackers of Carousell’s database are selling it for $1,000.00, which allegedly holds 1.95 million user accounts and 2.6 million user information.

The online marketplace notified all affected users of the data breach incident, explaining that an unauthorised entity exploited a system migration flaw to gain access. The said system flaw had already been fixed, and Carousell has assured their users that no financial information was included in the compromise.

 

Carousell announced the breach two days after the hacker posted the 2GB database on dark web forums.

 

According to the investigations, the data breach on Carousell included users’ full names, usernames, email addresses, contact details, countries of origin, account creation dates, and follower counts. Only five copies of the database will be sold, as mentioned by the hackers, and they also shared that they obtained it through the online shopping platform’s system vulnerability.

Research also shows that the threat actors uploaded a thousand users’ data as a sample for all interested buyers. Two copies of the database have already been sold since October 22.

Singapore’s cybersecurity agency has already contacted the affected firm to assist them in addressing the incident. Investigations have also been implemented by the Personal Data Protection Commission to discover the data breach’s scope further.

All affected Carousell users must be vigilant about potential cyberattacks from hackers, especially since their data has already been sold and exposed. If unknown people ask for their information, such as OTPs and passwords, or ask them to visit a suspicious website, experts advise ignoring and reporting them to authorities.

Several security breaches have been reported recently, with big firms like Australia’s Optus being one of the victims. In September, Optus, a telecom giant, was hit with a data breach attack that compromised over 9 million user data to hackers. Subsequent data breach incidents occurred after that incident, concerning security experts about the rising rate of attacks for 2022.

About the author

Leave a Reply