Massive Data Breach at Lazada Philippines: 18 Million Customer Records Allegedly Compromised

Threat Actor: Unknown | Unknown
Victim: Lazada Philippines | Lazada Philippines
Price: Not specified
Exfiltrated Data Type: Personally identifiable information (PII)

Key Points :

  • A massive data breach involving Lazada, one of the Philippines’ largest e-commerce platforms, was reported by cybersecurity researcher Infosecdad on his Facebook page.
  • The breach exposed approximately 18 million records of personally identifiable information (PII) of Lazada Philippines customers.
  • The compromised data includes sensitive personal information such as names, mobile numbers, email addresses, gender, ID/certificate numbers, dates of birth, and physical addresses.

Manila, Philippines – Earlier today, a massive data breach involving Lazada, one of the Philippines’ largest e-commerce platforms, was first reported by cybersecurity researcher Infosecdad on his Facebook page. The breach revealed that an unknown threat actor is selling Lazada Philippines customer information on a Chinese hacking forum.

The compromised data set includes highly sensitive personal information such as names, mobile numbers, email addresses (both personal and corporate), gender, ID/certificate numbers, dates of birth, and physical addresses.

According to the forum post, approximately 18 million records of personally identifiable information (PII) have been exposed. This vast amount of data being sold poses severe risks, including identity theft, financial fraud, and other malicious activities. The threat actor responsible for this breach did not use any alias or handler name, opting instead to use numbers to identify forum members, adding an additional layer of anonymity to their activities.

This breach has profound implications for both the affected individuals and Lazada as a company. Customers whose data has been compromised are now vulnerable to various cyber threats. Affected customers should take immediate measures to protect themselves, including monitoring financial accounts for suspicious activity, changing passwords for online accounts, particularly those associated with Lazada, and being cautious of phishing attempts and unsolicited communications seeking additional personal information.

Lazada is expected to initiate a comprehensive investigation into the breach and strengthen its security measures to prevent future incidents. It is also anticipated that the company will notify affected customers and provide guidance on protecting their information.

The Deep Web Konek Team has reached out to Lazada Philippines for an official statement regarding the incident. As of now, Lazada has not provided any official comment on the matter.

This incident underscores the escalating risks associated with data breaches and the critical need for robust cybersecurity practices. Organizations must prioritize the protection of customer data to maintain trust and comply with legal obligations. Ensuring stringent security measures and quick, transparent responses to breaches are essential steps in mitigating the damage caused by such incidents.

Facebook Post: https://www.facebook.com/100066554077374/posts/pfbid02od6Srvc1t3Z8LjDtasrT11Pkt554ytu7a8g4VkuCUkxU8rsYVDAwVhzdKxB7S9qZl/?app=fbl

The screenshot provided by Infosecdad on his Facebook Page

Manila, Philippines – Earlier today, a massive data breach involving Lazada, one of the Philippines’ largest e-commerce platforms, was first reported by cybersecurity researcher Infosecdad on his Facebook page. The breach revealed that an unknown threat actor is selling Lazada Philippines customer information on a Chinese hacking forum.

The compromised data set includes highly sensitive personal information such as names, mobile numbers, email addresses (both personal and corporate), gender, ID/certificate numbers, dates of birth, and physical addresses.

According to the forum post, approximately 18 million records of personally identifiable information (PII) have been exposed. This vast amount of data being sold poses severe risks, including identity theft, financial fraud, and other malicious activities. The threat actor responsible for this breach did not use any alias or handler name, opting instead to use numbers to identify forum members, adding an additional layer of anonymity to their activities.

This breach has profound implications for both the affected individuals and Lazada as a company. Customers whose data has been compromised are now vulnerable to various cyber threats. Affected customers should take immediate measures to protect themselves, including monitoring financial accounts for suspicious activity, changing passwords for online accounts, particularly those associated with, and being cautious of phishing attempts and unsolicited communications seeking additional personal information.

Lazada is expected to initiate a comprehensive investigation into the breach and strengthen its security measures to prevent future incidents. It is also anticipated that the company will notify affected customers and provide guidance on protecting their information.

The Deep Web Konek Team has reached out to Lazada Philippines for an official statement regarding the incident. As of now, Lazada has not provided any official comment on the matter.

This incident underscores the escalating risks associated with data breaches and the critical need for robust cybersecurity practices. Organizations must prioritize the protection of customer data to maintain trust and comply with legal obligations. Ensuring stringent security measures and quick, transparent responses to breaches are essential steps in mitigating the damage caused by such incidents.

Facebook Post: https://www.facebook.com/100066554077374/posts/pfbid02od6Srvc1t3Z8LjDtasrT11Pkt554ytu7a8g4VkuCUkxU8rsYVDAwVhzdKxB7S9qZl/?app=fbl

Source: https://kukublanph.data.blog/2024/06/26/massive-data-breach-at-lazada-philippines-18-million-customer-records-allegedly-compromised/