5.8 Million RedDoorz User Records For Sale On Hacking Forum
After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum.
RedDoorz is a Singapore-based hotel management & booking platform with over 1,000 properties across Southeast Asia. Using the website or mobile app, users can register an account to browser available budget hotels and book a reservation.
At the end of September 2020, RedDoorz disclosed that they suffered a data breach after an unauthorized person accessed one of their databases. At the time, though, no RedDoorz financial information or passwords were exposed “to the best of its knowledge.”
5.8 million RedDoorz user records sold online
This week a threat actor began selling a database containing 5.8 million user records that were stolen during RedDoorz’s data breach.
Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases
As part of the sale, the threat actor shared a database sample, including the table structure and records for 587 users. These records allow us to see what was exposed during the RedDoorz breach.
For each user records in the database, a RedDoorz member’s email, bcrypt hashed passwords, full name, gender, link to profile photo, phone number, secondary phone number, date of birth, and occupation is exposed.
For numerous user records in the samples, BleepingComputer has confirmed that the listed email addresses and phone numbers are correct for the particular user.
While this data breach exposed far more sensitive data than initially stated by RedDoorz, it does not contain any financial information.
What should RedDoorz users do?
To be safe, if you are a RedDoorz user, you should immediately change your password.
Also Read: What is Pentest Report? Here’s A Walk-through
If you use the same password at other sites, you should also change the password at those sites to a unique and strong one for that site.
Using unique passwords at every site you have an account prevents a data breach at one site from affecting you at other websites you use.
It is suggested that you use a password manager to help you keep track of unique and robust passwords at every site.
0 Comments