After the attack, RedDoorz amended its credential policy and implemented two-factor authentication for all developers’ tools and accounts.
- Millions of RedDoorz’s user records were sold on underground forums in September and October last year. The compromised data included the customers’ names, contact numbers, hashed passwords, and booking information, but the report noted that masked credit card numbers were not accessed.
“RedDoorz, a Singapore-based hospitality firm, was fined S$74,000 (around US$54,000) in September for failing to prevent the external access and exfiltration of the data,” The Business Times reported, citing the decision published by the Personal Data Protection Commission (PDPC).
Full article here