Personal data from 2.8 million Eatigo accounts stolen, put up for sale online

Eatigo said the information stolen included names, e-mail addresses and phone numbers.
Eatigo said the information stolen included names, e-mail addresses and phone numbers.PHOTOS: SCREENSHOT FROM EATIGO.COM, ST READER

SINGAPORE - The personal information from 2.8 million Eatigo accounts has been stolen and put up for sale on an online forum, including from 400,000 accounts belonging to users in Singapore.

In an e-mail to affected customers on Saturday (Oct 31) seen by The Sunday Times, the online restaurant reservation platform said that the information stolen was from more than 18 months ago and included names, e-mail addresses and phone numbers.

"We were made aware on Oct 30th that along with several other e-commerce platforms, we were the subject of a data security incident," the company said.

"Your existing eatigo account password is protected by encryption and hence safe. We do not store credit card information on our system."

Eatigo informed the Personal Data Protection Commission (PDPC) of the breach on Friday.

An Eatigo spokesman told ST that the information was from an old database that was last updated in 2018 and is no longer in use.

“We are running checks and expect that not all 400,000 accounts relate to current users,” she added.

News of Eatigo's data breach comes just a day after e-commerce giant Lazada confirmed that personal information from 1.1 million RedMart user accounts had been stolen.

Both sets of information were put up for sale on the same website.


Eatigo said the information stolen was illegally accessed more than 18 months ago. PHOTO: ST READER

The stolen Lazada information was also more than 18 months old but it is not known if the two incidents are related.

In its e-mail, Eatigo said it will collaborate with the relevant authorities on this matter and has set up a support team that affected customers can reach out to with queries or concerns.

It also advised customers to log into their accounts and reset their passwords as a precautionary measure, and to be alert to any spam e-mails requesting personal or sensitive information.

The PDPC said it is aware of the issue and is investigating.