SINGAPORE: Approximately 685,000 user profiles were affected when the HardwareZone (HWZ) Forum website was hit by a security breach, the site's owner SPH Magazines said in a news release on Tuesday (Feb 20).
A suspicious post on Sunday prompted an investigation to ascertain whether a security breach had occurred, the news release said.
The probe showed that a senior moderator’s account had been compromised by an unidentified hacker, and used to access the user profiles since September 2017.
"The hacker used the compromised credentials to impersonate the senior moderator to retrieve user profile data which comprised name, email address and user ID, and possible optional data fields," said SPH Magazines.
It added that the database of the online tech portal did not contain NRIC numbers, telephone numbers and addresses as these had been purged in line with the Personal Data Protection Commission (PDPC) guidelines in July 2015.
As a matter of precaution, forum users were advised to change their forum account password, SPH Magazines said, adding that it has also engaged security consultants to conduct "a thorough review of the system".
A police report has been lodged and PDPC has been informed, SPH Magazines said.
"SPH Magazines and HWZ sincerely apologise to HWZ users for this breach of security. We remain committed to protecting all personal data shared with us," the release added.
In response to queries, a spokesman for the Personal Data Protection Commission (PDPC) told Channel NewsAsia that it is investigating the incident and "strongly encouraged" HWZ users to change their passwords, as advised by SPH Magazines.