Recently, You Tiao Man - a local supplier of Halal-certified Chinese fried dough in Singapore, has been sending out email newsletters to us. Commonly known as 'Yu Char Kway' or 'Youtiao' (油条)in Southern China, this long golden-brown deep-fried strip is not only famous there but also across East and Southeast Asia!
Upon closer inspection, we were astonished to see that the emails sent to us originated from our official government email address used for Singapore Government projects and orders. This address is only available on Gebiz, a Government site. We have not published an email address anywhere else nor given it out on any social media platform! We marvelled at this discovery and couldn't help but question: how did they get hold of such confidential information?
Upon realising that they may be harvesting email contacts from a Government website through web scraping or exploiting database leaks and contractors accessing unauthorised databases, we knew something had to change. Web scraping is a process used to collect data from websites using automated software and algorithms. Through web scraping, they could find our email addresses on Gebiz and send us newsletters about their products. We are vehemently convinced that this action is morally illegal and strongly urge the Government Agencies to identify where the breach began. Furthermore, we hope that the company takes responsibility for their actions, even if they are hiring a 3rd party.
What is web scraping? (We do not encourage this action because you do it without the site owner's consent!)
- What is Web Scraping? via The PyCoach
- What is Web Scraping and What is it Used For? via ParseHub
- Is Web Scraping Legal? Via ParseHub
- Is Web Scraping Legal, and Why? via Octoparse
After visiting Gebiz, we were amazed to discover how effortless it was to extract supplier details such as company name, email address, website URL, physical address and contact number. This is especially worrying as Gebiz is the leading portal for Government Agencies to search and contact suppliers. If left unchecked, there could be a considerable risk of unethical companies harvesting sensitive information from these portals, leading to identity theft, financial fraud and other serious security threats.
All Government Agencies need to take proactive steps to protect their websites and portals from unauthorised access and web scraping. Furthermore, agencies must ensure that private contact data remains secure so as not to be abused; we are aware that the PDPA regulations apply strictly to businesses yet also need to be enforced by agencies. We should all join forces in combating this dilemma since such malicious actions can cause severe reputational damage to our nation.
Please note that this is merely an experiment to understand the Gebiz platform and its capabilities – we are not using nor promoting any information obtained for illegal or marketing activities.