Furniture Retailer Vhive’s Data Breach: Customer Information Leaked Online, Under Investigation – E Hacking News
The officials are investigating a data breach at local furniture retailer Vhive, which resulted in customer’s personal information such as phone numbers and physical addresses being leaked online. In response to questions from The Straits Times on Saturday, April 3, police confirmed that a report had been filed on the matter.
According to the company, information compromised in the hack includes customers’ names, physical and e-mail addresses, and mobile numbers, but it did not include identification numbers or financial information.
In a Facebook post on March 29, Vhive announced that its server was hacked on March 23 and that it was working with police and other relevant agencies, as well as IT forensic investigators, to investigate the breach.
“All financial records in relation to purchases made with Vhive are held on a separate system which was not hacked,” said Vhive.
“We are truly sorry for the incident and stand ready to assist you if you require immediate help,” Vhive told customers.
According to ST’s checks on Saturday afternoon, Vhive’s e-mail servers were also compromised. The website only displayed a warning of the cyber attack, while the company’s stores on the online shopping platforms Lazada and Shopee were open for business.
The Altdos hacking group, which operates mainly in Southeast Asia, has claimed responsibility for the breach. In an email to affected customers on Saturday, Altdos said it had hacked into Vhive three times in nine days and claimed to have stolen information of over 300,000 customers as well as nearly 600,000 transaction records.
The group announced that it will publish 20,000 customer records daily until its demands to Vhive’s management are met. In its Facebook statement, Vhive said it would be closely guided by the forensic investigator and authorities on the steps to protect its systems and ensure that customers can conduct transactions securely.
In previous hacking incidents, Altdos has stolen customer data from companies, blackmailed the compromised company, leaked the data online if its requirements were not met, and publicized the violations. The cyberattacks were mainly focused on stock exchanges and financial institutions.
In January, Altdos claimed to have broken into the IT infrastructure of the Bangladeshi conglomerate Beximco Group and stole data from 34 of its databases.
Last December, it hacked a Thai securities trading firm and posted stolen data online when the firm allegedly failed to confirm her emails and claims.