Singapore Press Holdings Magazines (SPH Magazines) and HardwareZone (HWZ) have apologised for a data breach affecting 685,000 user profiles on the forum site.
Meanwhile, a police report has been lodged and the Personal Data Protection Commission (PDPC) has been informed, according to a press statement confirming the move. In addition, SPH Magazines, which owns the HWZ site, has also engaged security consultants to conduct a “thorough review of the system”.
“SPH Magazines and HWZ sincerely apologise to HWZ users for this breach of security. We remain committed to protecting all personal data shared with us,” the statement added.
The move follows an investigation which found that a senior moderator’s account had been compromised by an unidentified hacker. The hacker then used the account to view approximately 685,000 registered user profiles since September 2017. This arose from a suspicious posting on the HWZ Forum website on 18 February 2018, which sparked the investigation to confirm if there was a security breach.
According to SPH and HWZ, the hacker used the compromised credentials to impersonate the senior moderator to retrieve user profile data. This comprised of name, email address and user ID of forum users, and possible optional data fields, such as year of birth, gender, country and education, to name a few.
The statement also explained that the HWZ database does not contain NRIC numbers, telephone numbers and addresses. This was because this information was purged in line with the PDPC Guidelines in July 2015. As a matter of precaution, forum users were also advised to change their forum account password.