NAME: BALOLOT, Kathyrine A.

DATE: May 05, 2021

BONIFACIO, Mitchelle G. INSTRUCTOR: Annalyn O. Bacolod
CORDERO, Glemar Mae C.

APPLY & CREATE

Look for an E-Commerce site which became a victim of security threats. What happened? What lessons
can be learned from it?

LAZADA owned by ALIBABA

Lazada, a Southeast Asian e-commerce company, announced that it had discovered a data breach
that revealed the personal information of 1.1 million of its Singapore users.

On the 30th of October 2020, Lazada's cybersecurity staff discovered that a consumer database for
RedMart, the city-online state's grocery delivery service, had been accessed illegally. The database's
information was "more than 18 months out of date," according to the Alibaba-owned business.

According to Lazada, the database was used by the RedMart app and website and was hosted by a third-
party service provider. Lazada purchased RedMart in late 2016, and in March of this year, it merged the
grocery delivery service into its own app and website — at the same time as the affected database was
modified.

Names, phone numbers, emails, encrypted passwords, and partial credit card numbers of RedMart
customers were among the information illegally obtained. Affected users were logged out of their current
accounts and asked to reset their passwords before being able to log back in. Lazada also stated that
access to the database was automatically disabled.

The incident was confirmed to Singapore’s Personal Data Protection Commission, which is responsible for
enforcing the city-personal state’s data protection act. If a data breach affects 500 or more persons,
legislation requires organizations to inform the commission and the affected individuals.

LESSONS:

This threat experienced by Lazada in Singapore gave us a lesson that the most important thing to
do in e-commerce business is to protect the data and privacy of the users. Businesses must do everything
to protect their assets from attack. Appropriate policies and up-to-date security stack, like behavioural
analytics, are needed to rapidly detect a breach and reduce the probability of any security threats. Also, by
prioritizing the security and awareness about security threats. These are some of the list to avoid any
security threats in E-commerce website:
 Conducting employee security awareness training
 Updating the software regularly
 Develop a cyber breach response plan
 Use Network Protection measures
 Make backup copies of important business data and information
 Use a strong password and change it regularly

Users must also improve their cyber security practices in order to avoid being hacked by using
carefully chosen passwords for each site and multifactor authentication.