
Singtel’s data breach: What happened, and how can you protect yourself?

By Rhyn Chan - on 21 Feb 2021, 9:41am

Here's why the Singtel database hack occurred and what you can do to protect yourself

Note: This article was first published on 18 Feb 2021.


Singtel’s announcement of a data breach affecting approximately 129,000 customers should be a cause for concern, as the leak included identifiable data: NRIC numbers together with a combination of phone number, address, name, and date of birth.

Singtel was alerted by Accellion, a third-party vendor for a file-sharing system, that unidentified hackers had gained access to the file-sharing server, which is used to share information within Singtel’s internal systems and with external stakeholders.

The hackers exploited an unknown zero-day vulnerability, which Accellion wasn't made aware of until much later, when it followed up with the necessary fixes. However, the fixes weren't effective, which allowed the hackers to breach the system and gain access to the information on Singtel's servers.

On 28th Jan 2021, Accellion announced that the file-sharing system will reach its end of life on 30th April 2021. Singtel addressed the incident in this FAQ, stating that they are currently upgrading or replacing the existing system while evaluating their file-sharing protocols to enhance their security.

Straits Times has the full report on the hack, and we’ve covered it in more detail earlier. While Singtel will be contacting those affected by the breach, here are some immediate steps you can take. These are useful checks to carry out even if you’re not affected by the breach.

Turn on App-Based Two-Factor Authentication (2FA)


If you haven’t activated 2FA for your email, online shopping, or social media accounts, now is the best time to do so.

Most companies will request that you provide your personal phone number or use an app like Google Authenticator or Microsoft Authenticator. Since phone numbers are part of the compromised data, opt to use the authentication apps instead.

And never share your 2FA or One-Time Password (OTP) with anyone, even if they’re someone close to you. There have been reports of WhatsApp account takeovers by bad actors trying to steal more private information like credit card details.

 

Use A Password Manager


This is more of a precautionary measure; if your passwords are still “123456” or “password”, this is a really good time to look at a password manager that we’ve detailed here.

Basically, a password manager helps you generate unique and complex passwords without requiring you to remember them. It should automatically fill in these login details, as long as you’ve installed the password manager app on your phones or computers.

Enable Call and SMS Filtering


We’ve all received random calls and SMS messages from weird numbers requesting our bank information or claiming that our online shipment is stuck in customs, but we know that they’re scams. If you want to filter out these nuisances, we’ve got you covered.

For iPhone users who are on iOS 12.4 and above, you can download the ScamShield app to filter out unsolicited messages and calls, which we’ve talked about in more detail in this article. Note that it doesn't interface with your messaging apps like WhatsApp, Telegram, etc., so you'll still have to be vigilant on third-party messaging apps.

On Android 6.0 and above, you can turn on caller ID and spam protection in the Settings app. For the filter to work, it does require that the sender’s information be sent to Google for verification.

 

Check if your email has been breached


Last but not least, you should check if any of your emails have been breached. To do this, 1Password created this website that checks with their database to see if your email address has been leaked.

If your email is part of a data breach, head over to the affected website and change your password immediately with a password generator or use a complex phrase instead. And then turn on 2FA!

Source: Singtel, Accellion, Straits Times, HardwareZone
