Suspected data breach at online bookstore leads to 230 scams

Image from taaze.tw

TAIPEI (CNA) — A suspected data breach at the online bookstore TAAZE has caused 230 of its customers to be scammed for an estimated total of NT$22 million (US$738,540), the Criminal Investigation Bureau (CIB) said Sunday.

Between Jan. 1 and Aug. 9, the 230 people reported to the 165 anti-fraud hotline that they had been scammed after placing an order on TAAZE, the CIB said, adding that 45 of the cases — nearly 20 percent of the total — were reported last week alone.

One TAAZE customer who fell victim to the scam is a 35-year-old teacher from New Taipei surnamed Hsu (許), the CIB said.

After buying NT$930-worth of books, Hsu received a call from a scammer who claimed to be a customer service employee at the online bookstore, the CIB said.

The scammer told Hsu that something had gone wrong with the payment settings for the order, saying that since it was mistakenly set to “pay by installments,” Hsu would have to pay repeatedly for the books.

Hsu then followed the scammer’s instructions in an attempt to “undo” the mistake on a bank app, not realizing that the action resulted in money being wired out of the account.

Not until the scammer had siphoned off the NT$790,000 Hsu had in the account did Hsu realize that something was wrong, the CIB said.

The CIB said that the repeated scams seem to imply that TAAZE has suffered from a data breach and that there are clear loopholes in its website security.

The bureau called for members of the public to only buy products from trusted online sites, to be aware of scammers that requested them to operate via an ATM or bank app, and to call the 165 anti-fraud hotline if they think anything is amiss.