Privacy Ninja

5.8 Million RedDoorz User Records For Sale On Hacking Forum

5.8 Million RedDoorz User Records For Sale On Hacking Forum

After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum.

RedDoorz is a Singapore-based hotel management & booking platform with over 1,000 properties across Southeast Asia. Using the website or mobile app, users can register an account to browser available budget hotels and book a reservation.

At the end of September 2020, RedDoorz disclosed that they suffered a data breach after an unauthorized person accessed one of their databases. At the time, though, no RedDoorz financial information or passwords were exposed “to the best of its knowledge.”

5.8 million RedDoorz user records sold online

This week a threat actor began selling a database containing 5.8 million user records that were stolen during RedDoorz’s data breach.

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases

As part of the sale, the threat actor shared a database sample, including the table structure and records for 587 users. These records allow us to see what was exposed during the RedDoorz breach.

Stolen RedDoorz MySQL database

For each user records in the database, a RedDoorz member’s email, bcrypt hashed passwords, full name, gender, link to profile photo, phone number, secondary phone number, date of birth, and occupation is exposed.

Sample of sold RedDoorz records

For numerous user records in the samples, BleepingComputer has confirmed that the listed email addresses and phone numbers are correct for the particular user.

While this data breach exposed far more sensitive data than initially stated by RedDoorz, it does not contain any financial information.

What should RedDoorz users do?

To be safe, if you are a RedDoorz user, you should immediately change your password.

Also Read: What is Pentest Report? Here’s A Walk-through

If you use the same password at other sites, you should also change the password at those sites to a unique and strong one for that site.

Using unique passwords at every site you have an account prevents a data breach at one site from affecting you at other websites you use.

It is suggested that you use a password manager to help you keep track of unique and robust passwords at every site.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us