Someone Apparently Hacked into 14,000 Mediacorp meconnect Accounts; Mediacorp Reset Their Password

Last Updated on 2023-02-28 , 4:45 pm

Do you use the same login details for all your digital accounts?

Maybe it’s time to stop doing that.

Someone apparently hacked into 14,000 Mediacorp meconnect accounts.

Here’s what happened.

14,000 meconnect Accounts Apparently Hacked

On 23 February, national broadcaster Mediacorp said that an unidentified external party had accessed around 14,000 accounts.

Since then, the passwords of the accounts have been reset by Mediacorp.

Mediacorp clarified that login credentials for the accounts were not leaked from the system.

The company has also reassured users that further investigations did not reveal any evidence that users’ personal data were misused or disclosed to the public. 

It also mentioned that payment information had not been compromised.

The company detected the unauthorised access towards the end of January after a surge in login activity.

Small Percentage of Total Users Affected

According to Mediacorp, these affected accounts only comprised a small percentage of the total number of meconnect accounts.

All affected users have been notified.

Their passwords were also reset.

The company has also filed a police report and informed regulators, including the Personal Data Protection Commission (PDPC).

A Mediacorp spokesperson told CNA, “We take our obligation to safeguard personal data very seriously and will continue to take the necessary precautions to protect our users’ personal data.”

A spokesman for the PDPC told The Straits Times that it is currently investigating the incident.

What is meconnect?

Remember Toggle, MeRadio and Meclub?

From 30 January 2020, their names became mewatch, melisten and merewards.

This move wasn’t simply a wuliao name change.

These name changes were part of Mediacorp’s efforts to deliver experiences designed around consumers’ preferences.

Thus, meconnect was born as a single sign-on platform to allow subscribers to access all of Mediacorp’s content and services seamlessly.

Likely a Credential Stuffing Incident

Channel News Asia reported that this incident was likely a credential stuffing incident.

For those who aren’t in the know, credential stuffing is a type of cyberattack where hackers test compromised account names and passwords on various unrelated online accounts.

Those of you who use the same username and password for everything should listen up.

These hackers conduct such tests because some use the same username and password combinations for different websites.

If your login credentials for one website are compromised, your login credentials on other sites could also be compromised.

That’s why Mediacorp advised affected account holders to check their accounts on other websites, especially if they used the same login details for other unrelated websites.

Join our Telegram channel for more entertaining and informative articles at https://t.me/goodyfeedsg or follow us on Twitter : https://twitter.com/goodyfeed

Not the Only Recent Case

In December 2022, an internal review at PayPal confirmed that unauthorised external parties could use users’ login details to access their accounts.

Though there was no evidence that any personal information of affected account holders was misused, PayPal advised affected users to take the necessary steps to protect their data.

In a digitalised world, cyberattacks are getting more and more common.

The Cyber Security Agency of Singapore (CSA) has advised the public to make strong passwords.

A strong password should be at least 12 characters and contain uppercase letters, lowercase letters, numbers and special characters.

In addition, people should enable Two-Factor Authentication (2FA) on their accounts. 

People should also switch up their passwords for their various online accounts. 

Perhaps it’s a sign to stop using the same login details for everything. 

Read Also:

Featured Image: Mediacorp.sg