A Facebook post by a Lazada Malaysia user has gone viral. In the post, the user, Pin Pin, has detailed how hackers allegedly gained access to her Lazada account and made fraudulent purchases.
Pin Pin's Facebook post, at the time of writing this story, had been shared by over 1,200 people. In her post, Pin Pin had tagged Lazada while asking others to "beware".
According to Pin Pin's FB post, her Lazada account was hacked on 7 March. She received a text alerting her to a transaction and an alert from Lazada Malaysia about a request to change her account email.
After gaining access to her accounts on Lazada Malaysia and PayPal, the hacker first made a small purchase of RM5.19 and shipped it to Pin Pin's address. Following a successful purchase, the hacker then made a bigger purchase of RM3,513, which was billed to the user's card. She attached screenshots of the fraudulent purchases.
She then contacted Lazada on 7 March and tried again multiple times when her issue was still not resolved after multiple emails from them.
On 20 March, she visited the Lazada HQ, but her case was not resolved and the purchases still continued.
She proceeded to lodge a police report. She also found out that another Lazada user faced a similar situation after his account was hacked.
On 22 March, the user's Facebook post went viral with over 1,200 shares and her case was then addressed by Lazada. A spokesperson told SAYS that the company has investigated the matter.
The spokesperson added that they "can confirm that the individual's email and password were obtained from another website. The individual's Lazada account was then accessed, and orders made."
When asked what steps Lazada took to address the issue, the spokesperson told us that the fraudulent orders were cancelled.
"Once Lazada was informed, we took action to cancel the fraudulent orders. As of today (Thursday), 9pm, the customer has acknowledged that she has received her refund from Lazada," the spokesperson told us via email.
We checked with the user, Pin Pin, and she confirmed the full refund from Lazada.
Furthermore, Lazada Malaysia told us that the company takes security very seriously, adding, "We can confirm that our systems remain safe and uncompromised". Here's what the company recommends its customers do to safeguard their accounts:
"We strongly encourage consumers to take necessary precautions to protect their login credentials and passwords," it said, advising against using the same login ID and password on other sites to prevent hacks.
In addition to the above, Lazada added that "bank transfers and credit card transactions on Lazada Malaysia do require an additional security measure such as the One-Time Pin (OTP) which is sent to the customer's mobile phone for added verification."
Meanwhile, in order to enforce an additional security measure on PayPal, Lazada Malaysia has de-linked all PayPal accounts from Lazada customer accounts.
PayPal will now require an additional layer of security that is similar to other payment methods, according to the Lazada Malaysia spokesperson.