HardwareZone security breach affects 685,000 user profiles

HardwareZone's owner SPH Magazines announced in a press release yesterday, Feb 20, that the site was hit by a security breach. An estimated 685,000 user profiles were affected in the incident, reported ChannelNewsAsia. 

The news release said that an investigation was prompted by a suspicious post on Sunday. It was found that a senior moderator’s account had been compromised by an unidentified hacker. The account was used to access the user profiles since September 2017.

"The hacker used the compromised credentials to impersonate the senior moderator to retrieve user profile data which comprised name, email address and user ID, and possible optional data fields," said SPH Magazines. 

Photo: screenshot from website
Photo: screenshot from website

The HardwareZone database did not contain NRIC numbers, telephone numbers and addresses. All these information had been purged in line with the Personal Data Protection Commission (PDPC) guidelines in July 2015, according to the report.    

SPH Magazines advised users of the online tech portal to change their account password as a matter of precaution. The company has also engaged security consultants to conduct "a thorough review of the system".

A police report has also been lodged and PDPC has been informed, SPH Magazines said. "SPH Magazines and HWZ sincerely apologise to HWZ users for this breach of security. We remain committed to protecting all personal data shared with us."