Singapore and Jakarta-based news website Tech in Asia has reportedly suffered a massive data breach. The alleged ‘Tech in Asia Data Breach’ seems to have affected a massive userbase of 230,000 users. The leaked data allegedly contains sensitive user information, which has raised concerns about potential identity theft and targeted attacks.

Understanding the Tech in Asia Data Breach: What Data Was Leaked?

Tech in Asia is headquartered in Singapore and the news website covers topics on startups and innovation in Asia. It was founded in August 2010. Threat Actor (TA) Sanggiero has claimed responsibility for the Tech in Asia Data Breach. The TA has allegedly published the leaked data on a popular hacking forum Breach Forums. The leaked data allegedly contains a significant amount of information pertaining to 230,000 users. Sanggiero also claimed that the sensitive information was breached in June 2024. According to the TA, the following data has been exposed. User ID: Each of 230,000 users has unique ids assigned within the Tech in Asia platform. Tech in Asia ID: The ID is potentially an internal identity which is specifically associated with the news platform Email Address: This is the crucial sensitive information that the users have submitted to the organization which the website uses to communicate apart from verifying their credentials. User Roles: The information that could be exposed includes the permission or access level granted to a user within the platform. Examples includes subscriber, writer or editor. Full Name: This includes sensitive information like both the first and last name details of the user. Display Name: This is the name chosen by the user to be displayed publicly on the Tech in Asia website which may or may not be the actual name. Registration Date: This is the date on which the user created his or her account on the news platform. Avatar URL: The avatar is nothing but the web address of the user's profile picture on Tech in Asia. Author URL: It could potentially be a link to the user’s home page or portfolio on which he or she publishes articles on within the Tech in Asia platform.

Exploiting Vulnerabilities: How Did Tech in Asia Data Breach Occur?

Threat Actor Sanggiero has claimed that he hacked the website and gained access to this large database by exploiting the vulnerabilities within the Tech in Asia's API (Application Programming Interface). API is a software intermediary that allows the TA to run two software applications to communicate with each other. Vulnerabilities within the Tech in Asia’s API could have allowed the hacker to gain unauthorized access to the data of 200,000 + users. The TA infact identified other bugs that allowed him to gain access to the website’s internal services.

What Should Affected Users Do?

These types of data breaches have become common across the globe. While it is currently unclear as to how the TA intends to use the stolen data, users in Tech in Asia must take the following precautionary steps: Change password: Users must immediately change their password on Tech in Asia platform apart from any other accounts that use the same login credentials. Beware of phishing attempts: Now that the hacker revealed that the email ids have been leaked, the users must be wary of targeted phishing attacks. They should not click any emails which requests them to share personal information or that share suspicious links. Monitor accounts: The users must also stay alert for unusual activity on their accounts in the news website or any accounts linked with the leaked email addresses. Tech in Asia Response Awaited At the time of publishing this article, Tech in Asia has yet to release an official statement regarding the data breach. However, it is expected that they will soon address the data breach and outline steps to users to safeguard their data and also on the efforts taken to prevent future data breaches. The article will be updated as more the organization updates its response. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.