Furniture retailer Vhive's data breach, with customer information leaked online, under probe

Vhive said that it would be closely guided by the forensic investigator and the authorities on the steps to take to safeguard its systems. ST PHOTO: GAVIN FOO

SINGAPORE - The authorities are investigating a data breach at local furniture retailer Vhive, which led to customers' personal information such as phone numbers and physical addresses being leaked online.

Replying to queries from The Straits Times on Saturday (April 3), the police confirmed that a report has been lodged on the matter.

In a Facebook post on March 29, Vhive said that its server was hacked on March 23 and it was working with the police and other relevant authorities as well as an IT forensic investigator to look into the breach.

Information compromised in the hack includes customers' names, physical and e-mail addresses and mobile numbers, but did not include identification numbers or financial information, said the company.

"All financial records in relation to purchases made with Vhive are held on a separate system which was not hacked," it added.

"We are truly sorry for the incident and stand ready to assist you if you require immediate help," Vhive told customers.

Checks by ST on Saturday afternoon found that Vhive's e-mail servers were still compromised. The website showed only a notice of the cyber attack, while its stores on online shopping platforms Lazada and Shopee were active.

Hacker group Altdos, which mainly operates in South-east Asia, has claimed responsibility for the breach.

In an e-mail to affected customers on Saturday, Altdos said it managed to hack into Vhive three times in nine days and claimed to have stolen information related to over 300,000 customers as well as nearly 600,000 transaction records.

The website only showed a notice of the cyber attack, while its stores on online shopping platforms Lazada and Shopee were active. PHOTOS: VHIVE/FACEBOOK, VHIVE.COM.SG

The group said that it would be leaking 20,000 customer records daily, until its demands to Vhive's management are met.

In its Facebook statement, Vhive said that it would be closely guided by the forensic investigator and the authorities on the steps to take to safeguard its systems and to ensure that customers can make transactions securely.

In previous hacking incidents, Altdos stole customer data from companies, blackmailed the compromised firm, leaked the data online when their demands were not met, and publicised the breaches. Its cyber attacks have largely been focused on stock exchanges and financial institutions.

In January, it claimed to have broken into Bangladeshi conglomerate Beximco Group's IT infrastructure, stealing data from 34 of its databases.

Last December, it hacked a Thai securities trading firm, and dumped stolen data online when the firm allegedly did not acknowledge its e-mail and demands.

Join ST's WhatsApp Channel and get the latest news and must-reads.