[BreachExchange] Personal data from 2.8 million Eatigo accounts stolen, put up for sale online

Destry Winant destry at riskbasedsecurity.com
Tue Nov 3 10:32:48 EST 2020


https://www.straitstimes.com/tech/personal-data-from-28-million-eatigo-accounts-stolen-put-up-for-sale-online

SINGAPORE - The personal information from 2.8 million Eatigo accounts
has been stolen and put up for sale on an online forum, including from
400,000 accounts belonging to users in Singapore.

In an e-mail to affected customers on Saturday (Oct 31) seen by The
Sunday Times, the online restaurant reservation platform said that the
information stolen was from more than 18 months ago and included
names, e-mail addresses and phone numbers.

"We were made aware on Oct 30th that along with several other
e-commerce platforms, we were the subject of a data security
incident," the company said.

"Your existing eatigo account password is protected by encryption and
hence safe. We do not store credit card information on our system."

Eatigo informed the Personal Data Protection Commission (PDPC) of the
breach on Friday.

An Eatigo spokesman told ST that the information was from an old
database that was last updated in 2018 and is no longer in use.

“We are running checks and expect that not all 400,000 accounts relate
to current users,” she added.

News of Eatigo's data breach comes just a day after e-commerce giant
Lazada confirmed that personal information from 1.1 million RedMart
user accounts had been stolen.

Both sets of information were put up for sale on the same website.

The stolen Lazada information was also more than 18 months old but it
is not known if the two incidents are related.

In its e-mail, Eatigo said it will collaborate with the relevant
authorities on this matter and has set up a support team that affected
customers can reach out to with queries or concerns.

It also advised customers to log into their accounts and reset their
passwords as a precautionary measure, and to be alert to any spam
e-mails requesting personal or sensitive information.

The PDPC said it is aware of the issue and is investigating.

