A group of hackers based in Russia is seeking to sell log-in details to Wallapop accounts on messaging app Telegram to facilitate fraud, website El Español reports. 

Alongside Adevinta Spain’s Milanuncios, Barcelona-headquartered Wallapop is the leading general goods marketplace in Spain.

In a boilerplate statement to El Español, the marketplace operator said; “Wallapop is committed to working tirelessly to identify and close any security breach that may affect its community … Fraudulent activities are strictly prohibited on the platform. As part of its prevention policy, the Trust & Safety team, which accounts for 6% of the workforce, monitors activity on the platform to prevent illegal activities by users and encourages users to report any improper behavior.” 

The company added that it had deployed such fraud-prevention measures as two-factor authentication, login risk identification and a session management system, in addition to communication campaigns intended to raise awareness with regard to cybersecurity among its users.

This illegal activity may be related to a data breach at the company in November 2019, which led Wallapop to close all active users sessions so they could change their passwords. 

At the time, Edurne de Oteiza, then director of operations and marketing at Wallapop (her job title has since changed to chief of staff — LinkedIn profile), told website Cyber Security News: “We have recently detected improper access in Wallapop, which means we cannot 100% guarantee the security of user data. To avoid the risk of illegal use, we have closed the sessions of all users so they can change their passwords for accessing the platform.” 

She added that “We have no evidence that any of the data has been compromised or that there has been a fraudulent use of it.”

Print Friendly, PDF & Email

Related Articles