Weeks after the largest cyber-attack on Singapore, it appears that not all businesses are taking data security seriously.
That’s if you believe Redditor u/chickenbruschetta, who alleges that a local start-up accidentally leaked hundreds of its users’ email addresses.
The post in r/Singapore has received over 150 upvotes in 15 hours.
Trouble began on Friday (10 August), when Jalan invited users to try its beta membership package.
The Redditor noticed that he wasn’t the only recipient of the email, which was sent at 4pm on Friday. Insteading of BCC-ing all its users, the start-up plonked all their emails in the addressee field.
That means recipients basically saw this:
The Jalan app gives users with route choices based on different combinations of transport modes. It also allows them to book and pay for shared bicycles and e-scooters, which means it contains sensitive payment information.
The app’s developer mobilityX is seed-funded by SMRT and supported by the Economic Development Board.
You might brush off the data leak as a minor one, since just email addresses were used. But with just an email account, hackers can still wreak havoc.
With just an ID, it’s not that difficult to hack into your email. That’s because some Singaporeans remain ignorant about password security.
In 2015, The Straits Times reported that common passwords among netizens here include:
And a quick scan of the emails show that some were Government-linked, including addresses belonging to NTU’s web domain.
Redditors were largely outraged with the leak, calling on the thread starter to report the matter to the Personal Data Protection Commission.
The data leak comes as national attention on cybersecurity is at an all-time high. In July, SingHealth announced that it had been the victim of a cyber-attack, believed to be the largest in Singapore’s history.
It appears that hackers were after the medical records of Prime Minister Lee Hsien Loong. But they also amassed the data of more than 1.5 million Singaporeans in the process.
Featured image from Reddit.
Keep a lookout for their content on social media platforms as politicians gear up for…
They were held for two weeks before being deported.
He made the decision to do so 45 minutes into the attack.
The baby is believed to have been dead for at least three days.
Netizens praised the two men, wishing them an abundance of blessings.
The teacher claimed he had accidentally clicked on "something", which led to the inappropriate website.
![](data:image/svg+xml;charset=utf-8,<svg height="3058px" width="1080px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)