Cashalo Claims Users’ Accounts Not Compromised Despite Data Breach
Online lending platform Cashalo announced that it had discovered a potential data breach but reassured its users that no customer accounts or passwords were compromised.
The company said that on 18 February 2021, its cybersecurity team discovered a potential data security incident involving a Cashalo-only database archive where an individual claimed to be in possession of a Cashalo customer database taken from a non production system used by the company.
This incident resulted in unauthorised access to a database archive that contained some personal data of Cashalo customers, including some combination of usernames, email, phone numbers, device ID, and encrypted passwords.
However, Cashalo claimed that its encryption implementation ensured that no customer accounts or passwords were compromised.
Cashalo has since taken the system offline and activated investigations, working closely with cybersecurity experts and the relevant authorities, including the Philippines’ National Privacy Commission (NPC).
“Our teams are currently conducting a thorough impact assessment with urgency to determine the nature and extent of data that has been potentially accessed”, said Cashalo in an official statement.
Apart from that, Cashalo will be notifying affected individuals about the incident.
The data breach came to light when cybersecurity consultant Cyble reported on its website that Cashalo’s 3.3 million users’ details were leaked in the darkweb.