SPH-owned HardwareZone Forum hacked; 685,000 users affected in Singapore’s largest data breach

1984

The personal details of 685,000 registered HardwareZone forum users were compromised in a security breach. This is Singapore’s largest data breach to date.

The actual hacking reportedly took place in September last year but SPH Magazines only discovered the breach last Sunday, 18 Feb 2018 – months after the breach occurred.

According to SPH Magazines, the breach was discovered after the group noticed a “suspicious posting” last Sunday. The internal investigation that followed showed that a senior moderator’s account had been compromised by an unidentified hacker.

SPH Magazines revealed: “The hacker used the compromised credentials to impersonate the senior moderator to retrieve user profile data which comprised name, email address and user ID, and possible optional data fields.”

The group has since lodged a police report and has engaged security consultants to review the forum system.

The full names, usernames and email addresses of a whopping 685,000 users were compromised. SPH Magazines says that hackers did not get users’ NRIC numbers, telephone numbers and addresses as these details were purged from their database in Jult 2015, following Personal Data Protection Act guidelines.

The group apologised for the security lapse: “SPH Magazines and HWZ sincerely apologise to HWZ users for this breach of security. We remain committed to protecting all personal data shared with us.”

The Uber security breach in 2016 is the second-largest data breach, following this HardwareZone forum hacking. The names, email addresses and mobile phone numbers of 380,000 of Uber Singapore users’ were accessed by hackers in that attack in 2016.