Alleged Data Leak By SMRT-Backed Start-Up Shows Need For Better Data Security

Jalan App’s Alleged Data Leak Releases Over 500 Emails

Weeks after the largest cyber-attack on Singapore, it appears that not all businesses are taking data security seriously.

That’s if you believe Redditor u/chickenbruschetta, who alleges that a local start-up accidentally leaked hundreds of its users’ email addresses.

The post in r/Singapore has received over 150 upvotes in 15 hours.

Trouble began on Friday (10 August), when Jalan invited users to try its beta membership package.

The Redditor noticed that he wasn’t the only recipient of the email, which was sent at 4pm on Friday. Insteading of BCC-ing all its users, the start-up plonked all their emails in the addressee field.

That means recipients basically saw this:

Source

The Jalan app gives users with route choices based on different combinations of transport modes. It also allows them to book and pay for shared bicycles and e-scooters, which means it contains sensitive payment information.

The app’s developer mobilityX is seed-funded by SMRT and supported by the Economic Development Board.

 

Email only what

You might brush off the data leak as a minor one, since just email addresses were used. But with just an email account, hackers can still wreak havoc.

With just an ID, it’s not that difficult to hack into your email. That’s because some Singaporeans remain ignorant about password security.

In 2015, The Straits Times reported that common passwords among netizens here include:

  • 123456
  • password
  • welcome
  • baseball
  • dragon

And a quick scan of the emails show that some were Government-linked, including addresses belonging to NTU’s web domain.

Redditors were largely outraged with the leak, calling on the thread starter to report the matter to the Personal Data Protection Commission.

Spotlight on data security

The data leak comes as national attention on cybersecurity is at an all-time high. In July, SingHealth announced that it had been the victim of a cyber-attack, believed to be the largest in Singapore’s history.

It appears that hackers were after the medical records of Prime Minister Lee Hsien Loong. But they also amassed the data of more than 1.5 million Singaporeans in the process.

Featured image from Reddit.

The Must Share News Team

Teamwork makes the dream work.

Recent Posts

Continuous heavy traffic expected at S’pore-JB checkpoints till end of 2024: ICA

A record of more than 553,000 travellers crossed both checkpoints on 13 Dec.

22 Dec 2024, 7:25 pm

H5N1 poses ‘highest risk’ of becoming next pandemic, S’pore health authorities monitoring situation

There has been no year-end Covid-19 wave, as had been expected.

22 Dec 2024, 6:42 pm

Wagyu beef worth S$5,700 found in car entering JB from S’pore, M’sian driver arrested

The beef was imported without a veterinary health certificate and halal certification.

22 Dec 2024, 5:40 pm

Long queue forms at Jalan Besar Stadium for tickets to ASEAN Championship semi-final

One fan started queueing as early as 7am.

22 Dec 2024, 4:50 pm

Toys“R”Us in Japan sends parcels in plain boxes before Christmas, praised for protecting ‘Santa’s surprise’

The company made the change after parents said they wanted to make sure their gifts…

22 Dec 2024, 4:36 pm

Google Maps helps Spanish police arrest murder suspects caught transporting corpse on Street View

An incredible twist of fortune for the police -- and a stroke of bad luck…

22 Dec 2024, 2:59 pm