On 14 May 2021, Carousell Pte. Ltd. (“Carousell”) informed the Personal Data Protection Commission (“the Commission”) about an incident of unauthorized access to its users’ accounts due to a “credential stuffing” attack. Credential stuffing refers to a type of cyberattack where a cybercriminal accesses user accounts from one organisation using the usernames and passwords stolen […]