SINGAPORE: A 22-year-old man has been arrested for his suspected involvement in compromising Mediacorp’s meconnect accounts.
The police said on Monday (Mar 13) that they received a report on Feb 22 regarding 14,000 meconnect accounts being compromised.
Through follow-up investigations, officers from the Criminal Investigation Department established the identity of the man and arrested him on Mar 9.
The man is assisting with investigations into an offence of unauthorised access to computer materials. The offence carries a fine not exceeding S$5,000, imprisonment of up to two years, or both.
Mediacorp last month advised a total of 14,000 meconnect users to change their passwords after their accounts were accessed.
It added that login credentials were not leaked from the system and further investigations did not reveal any evidence that users’ personal data had been misused or disclosed to the public.
Mediacorp also assured users that no payment information was compromised.
The unauthorised access was detected during monitoring in late January and was carried out by an unidentified external party, said the national media network. The meconnect accounts are used to access Mediacorp services such as mewatch.
It was understood that this was likely a credential stuffing incident, a type of cyber attack where credentials obtained from a data breach of one service are used to attempt to log in to another unrelated service. This is based on the assumption that usernames and passwords are often reused across multiple services.
Mediacorp notified all affected account holders and strongly advised them to change their passwords as well as check any other accounts where the same login credentials were used.
Mediacorp, which owns CNA, said it had filed a police report and notified regulators, including the Singapore Personal Data Protection Commission.