E-Commerce Firm ‘Lazada’ Breached by Hackers and User Data Accessed

Published on October 31, 2020
Written by:
Bill Toulas
Cybersecurity Journalist

‘Lazada,’ an e-commerce operator from Singapore, has announced a major data breach that resulted in the leak of 1.1 million account details. This includes user information like full names, phone numbers, email addresses, encrypted passwords, and partial credit card numbers. ‘Lazada’ has been owned by Alibaba since 2016, and two years after the acquisition, it became the largest e-commerce entity in Southeast Asia, with over 50 million active shoppers annually.

Lazada assured the press that its IT team moved quickly to block access to the database, so the hackers couldn’t infiltrate deeper and gain access to more recent information. What was actually compromised is data that’s older than 18 months and concerns its grocery arm ‘RedMart.’ Thus, if you have created a Lazada account more recently, chances are that you have not been affected by this incident.

For Lazada customers worrying about their data, the firm suggests that you reach out to an agent via the embedded chat system, which is available 24/7. Alternatively, you may call (02) 7795 8900 to raise your concerns with the central customer care. Lazada clarified that all of the affected customers would receive a relevant email, so if you haven’t received anything, it means that your data is safe.

Singapore has a data protection commission, the PDPC, which is known to be very strict with data breaches. Almost two weeks ago, the PDPC refreshed its directions to the “security masters” on the reasonable security measures that must be taken to avoid data breach events. Lazada took the precautionary measure of logging out all existing accounts and resetting their passwords, while the presence of password encryption is also a positive element in this situation.

Naturally, there is going to be a large volume of spam and phishing attempts targeting the 1.1 million addresses that have possibly been leaked, so keep that in mind and treat these communications with care. Also, even if the database did not include the full credit card numbers and CVVs, you should monitor your bank account activity and report anything suspicious immediately.


