In the same email, ShopBack noted that the scope of the incident is still under investigation at the moment. Hence, the amount of compromised data is not yet known for the time being, although it seems that the incident affects not only ShopBack Malaysia users but also Singapore, Vietnam, Thailand, the Philippines, Taiwan, and Australia.
— Mohd Khairil Nizam (@khainiz94) September 25, 2020 For our market, the types of data that users may have provided to ShopBack Malaysia to utilise its services includes one’s name, contact information, gender, date of birth, and bank account numbers. While ShopBack believes that personal data contained within its system has not been misused, the company encourages users to reset and change their passwords even though the passwords for ShopBack account have been encrypted by default. As for users’ cashback balance, it remained intact according to the company.
All in all though, we recommend all ShopBack users to not only change their password but to also be extra careful and remain vigilant of possible phishing attempts on them due to the security breach of ShopBack’s backend systems. (Thanks for the tips, @khainiz94!)