(Hong Kong, 28 October 2022) Recently, Carousell, one of the world's popular online marketplaces, suffered an information leakage. The leaked information includes user emails and mobile phone numbers. It was sold on the dark web at a price of SG$1,000 (about HK$5,500). The Singapore-based company acknowledged the leakage and revealed that 1.95 million users were affected. In an email notification to the platform's users, it explained the security risks and the precautions to be taken against potential phishing attempts. According to reports, the leakage may be the result of a programme bug during a system migration which allowed hackers to gain unauthorised access to the user database.
Although Carousell has not revealed how many Hong Kong users are affected, since it has always been used by Hong Kong people, there is good reason to believe that many Hong Kong users are not immune to this incident. Noting that this is the second case of large-scale data leakage disclosed this month, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council would like to remind all users again to stay alert to unsolicited messages and take the following measures to avoid falling victim to phishing:
- Before providing login or sensitive information, check the URL to ensure it connects to the official page.
- Do not open any website links or attachments in unknown emails or instant messages.
- Before opening the attachments and links in an email, it is best to confirm the legitimacy of the sender and the content of the email. "Scameter", a free search engine by CyberDefender of the Hong Kong Police, can help identify frauds and online pitfalls through email, URL or IP address, etc.
- Do not use the same password for different accounts, to prevent cascading impact if one of them is compromised.
For more details, please refer to: