SINGAPORE - Online fashion retailer Zalora.sg has issued a statement to refute claims that its customers data have been leaked.
The rebuke comes after online satirical group SMRT Ltd (Feedback) posted a screenshot on Tuesday evening showing a seller who claimed to have the details of 900,000 Zalora customer accounts.
The online vigilante group later clarified that the data breach amounted to 1.49 million Singapore online shopping accounts, of which 400,000 was from Zalora.sg and Reebonz.com.sg each. The remaining 650,000 account details were from Deal.com.sg, SMRT Ltd (Feedback) said.
An hour after SMRT Ltd (Feedback) posted the screenshot, a person claiming to be the Head of Data at Zalora Singapore, Dat Le, commented on the photo, saying that "[Zalora does] not have 900,000 customers in Singapore."
"I have just double checked myself for each of the order_id(s) showed and can confirm that," Dat Le said on his Facebook page.
Zalora.sg posted an official statement on its Facebook page today afternoon denying the data breach.
"We've checked our database log and information and we confirm that the screen capped database that is posted is not our database," Zalora said.
"We would like to assure our online shoppers that we follow a comprehensive personal data protection policy, and our database is secured behind several layers of protection and access control, with detailed audit logs for monitoring."
According to the SMRT Ltd (Feedback) screenshot, the seller claimed to have been selling account information for the past four years, and was asking for $4,500 for the 900,000 account details.
Zalora said in its statement that its customer database "is extremely secure and has never been sold, monetised or shared with third parties."