In an email to its customers, the popular cashback reward service, ShopBack has revealed that its backend systems which contained personal data of its users have been compromised. According to the FAQ document that was published by the company to address the incident, ShopBack stumbled upon the security breach around a week ago on 17 September 2020.
In the same email, ShopBack noted that the scope of the incident is still under investigation at the moment. Hence, the amount of compromised data is not yet known for the time being, although it seems that the incident affects not only ShopBack Malaysia users but also Singapore, Vietnam, Thailand, the Philippines, Taiwan, and Australia.
— Mohd Khairil Nizam (@khainiz94) September 25, 2020
For our market, the types of data that users may have provided to ShopBack Malaysia to utilise its services includes one’s name, contact information, gender, date of birth, and bank account numbers.
While ShopBack believes that personal data contained within its system has not been misused, the company encourages users to reset and change their passwords even though the passwords for ShopBack account have been encrypted by default. As for users’ cashback balance, it remained intact according to the company.
All in all though, we recommend all ShopBack users to not only change their password but to also be extra careful and remain vigilant of possible phishing attempts on them due to the security breach of ShopBack’s backend systems.
(Thanks for the tips, @khainiz94!)