The breach, reported by Deep Web Konek on its own Facebook page, revealed that an unknown threat actor is selling the personal information of Lazada Philippines customers on a Chinese hacking forum.
Deep Web Konek – which has earlier this week first revealed the cybersecurity breach of fast food chain Jollibee – said that the compromised data set includes highly sensitive information such as names, mobile numbers, email addresses, gender, ID numbers, dates of birth, and physical addresses.
Approximately 18 million records of personally identifiable information have been exposed, posing severe risks including identity theft and financial fraud, the group said.
The threat actor responsible for this breach used numeric identifiers instead of an alias, adding an extra layer of anonymity.
We’ve reached out to Lazada and will update this story once they reply.