RedDoorz suffered a data breach in September and a threat actor is selling the stolen database containing 5.8 million user records on a hacker forum.
RedDoorz is a Singapore-based hotel management & booking platform, which has more than 1,000 properties across Southeast Asia.
The users can register an account using the website or mobile app of the company in order to check available budget hotels and book a reservation.
RedDoorz revealed the data breach in the end of September when an unauthorized person accessed one of their databases. During that time, no RedDoorz financial information or passwords were exposed according to their knowledge.
The threat actor began to sell a database containing 5.8 million user records this well. He also shared a database sample, including the table structure and records for 587 users. These records let us see what was exposed during the RedDoorz breach.
The user records contain details such as the member’s email, bcrypt hashed passwords, full name, gender, link to profile photo, phone number, secondary phone number, date of birth, and occupation.
It was confirmed that the listed email addresses and phone numbers are correct for a large number of users.
However, it is relieving to know that no financial information was exposed.
The RedDoorz users are recommended to immediately change their password. If the same password is used across other sites then it is necessary to change the passwords of those sites as well to prevent credential stuffing attack.
Make it a practice to use unique passwords for all your accounts and also use a password manager to keep track of your passwords.