The online shopping platform Carousell has more than 320,000 Hong Kong account information. Last year, the Hong Kong Personal Information Privacy Commissioner Commission criticized Carousell to make fundamental mistakes in terms of security.
Comprehensive Ming Daily and Sing Tao Daily reported that the Commission on Thursday (December 21) released an investigation report on the incident.
The agency's investigation found that when Carousell Group was migrated by system migration, it launched a user application interface to display all the users tracked by the user.As a result, the filter of the personal information of private accounts is not displayed, resulting in the display of personal data during the launch interface.Carousell said the situation is incorrect.
Privacy Commissioner Zhong Liling pointed out that hackers took 46 account information through an IP address from Myanmar's Internet service providers in May and June last year, and then hacked using these 46 accounts to track the tracking number to trackA large number of other accounts were obtained and their personal information was obtained, and one of the accounts tracked more than 810,000 accounts.
Zhong Liling believes that Carousell has not conducted a privacy impact assessment before the system migration, the encoding and re -inspection procedures are incomplete, and effective detection measures are lacking.Sexual errors are very disappointing.
The Office has issued an execution notice to Carousell to instruct the platform to correct its violations and prevent the situation from happening again.
Personal data involving 2.6 million Carousell users last year leaked last year, including more than 320,000 Hong Kong user accounts, and leaked personal data include email address, phone number and date of birth.
