Passwords of 14,000 Mediacorp meconnect accounts reset following unauthorised access

The unauthorised access to 14,000 meconnect accounts was detected in late January, with affected users having their passwords reset. PHOTO: SCREENGRAB FROM MEDIACORP
Aqil Hamzah
Updated
Feb 23, 2023, 06:06 PM
Published
Feb 23, 2023, 01:41 PM

SINGAPORE – Some 14,000 meconnect users have had their passwords reset after their accounts were accessed by an unidentified external party, national broadcaster Mediacorp said on Thursday.

It said that login credentials for the accounts – which are used to access Mediacorp services such as online streaming platform meWatch – were not leaked from the system, and “further investigations did not reveal any evidence that users’ personal data had been misused or disclosed to the public”.

Payment information had not been compromised either.

Mediacorp informed all affected account holders about the matter and reset their passwords. It also filed a police report and informed regulators, including the Personal Data Protection Commission (PDPC).

A PDPC spokesman said in response to The Straits Times’ queries that it is investigating the incident and has reached out to the broadcaster for more information.

Mediacorp said the unauthorised access was detected in late January after a surge in login activity.

CNA reported that “this was likely a credential stuffing incident”.

In such attacks, hackers test compromised account names and passwords on various unrelated online accounts.

They do this because some people use the same username and password combinations across different sites, so if their login credentials have been compromised once, their accounts on other sites could be compromised as well.

Mr Kevin Reed, chief information security officer of cyber-security company Acronis, said research has shown that people tend to recycle passwords for services that are not essential or sensitive.

He recommended the use of dedicated password managers, which are software applications that store and manage online credentials.

However, he expected the risks posed to affected users in this incident to be low.

“It seems that payment information cannot be retrieved by the logged-in account, and thus the worst (that) users can expect is their accounts being stolen,” he said.

“They will then need to cancel the service and reapply for it.”

Mediacorp had advised affected users to check any of their other accounts which may have used the same login credentials, noting that the affected users made up a “small percentage” of its total meconnect user base.

A spokesman for Mediacorp said that its operations and services were unaffected and had not been disrupted by the incident.

“We take our obligation to safeguard personal data very seriously and will continue to take the necessary precautions to protect our users’ personal data.”

More On This Topic
Login credentials of Singapore data centre clients put up on forum for free
Keppel Telecommunications and Transportation hit by data breach

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top