Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

5.8 Million RedDoorz User Records For Sale On Hacking Forum

5.8 Million RedDoorz User Records For Sale On Hacking Forum

After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum.

RedDoorz is a Singapore-based hotel management & booking platform with over 1,000 properties across Southeast Asia. Using the website or mobile app, users can register an account to browser available budget hotels and book a reservation.

At the end of September 2020, RedDoorz disclosed that they suffered a data breach after an unauthorized person accessed one of their databases. At the time, though, no RedDoorz financial information or passwords were exposed “to the best of its knowledge.”

5.8 million RedDoorz user records sold online

This week a threat actor began selling a database containing 5.8 million user records that were stolen during RedDoorz’s data breach.

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases

As part of the sale, the threat actor shared a database sample, including the table structure and records for 587 users. These records allow us to see what was exposed during the RedDoorz breach.

Stolen RedDoorz MySQL database

For each user records in the database, a RedDoorz member’s email, bcrypt hashed passwords, full name, gender, link to profile photo, phone number, secondary phone number, date of birth, and occupation is exposed.

Sample of sold RedDoorz records

For numerous user records in the samples, BleepingComputer has confirmed that the listed email addresses and phone numbers are correct for the particular user.

While this data breach exposed far more sensitive data than initially stated by RedDoorz, it does not contain any financial information.

What should RedDoorz users do?

To be safe, if you are a RedDoorz user, you should immediately change your password.

Also Read: What is Pentest Report? Here’s A Walk-through

If you use the same password at other sites, you should also change the password at those sites to a unique and strong one for that site.

Using unique passwords at every site you have an account prevents a data breach at one site from affecting you at other websites you use.

It is suggested that you use a password manager to help you keep track of unique and robust passwords at every site.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us