Day: February 23, 2024

Carousell fined S$58,000 for data leaks, over 2.6 million users affected

Carousell has been fined S$58,000 over two separate data breaches in 2022, one of which exposed the personal data of approximately 2.6 million Carousell users. The breaches were detailed in a judgment by the Personal Data Protection Commission (PDPC) yesterday (February 22).

The first data breach occurred in July 2022 when Carousell implemented changes to its chat function. The chat function is a feature that allows potential buyers to send and receive messages to and from listing owners on the Platform.

The changes were intended to be limited to users in Philippines who were responding to property listings, which would allow the personal details of a user (who has given prior consent) to be automatically sent the owner of the property listing, including their first names, email addresses and phone numbers.

However, due to human error, the email addresses and names of guest users (those who did not have registered accounts on the Platform) were automatically appended to all messages sent to the listing owners of all categories in all markets. For guest users in the Philippines, their telephone numbers were also leaked in the messages.

Carousell did not identify the bug at the time. However, one month after the leak, it implemented a fix to resolve an unrelated issue with the pre-fill functionality of the chat function, which unfortunately expanded the effect of the original bug.

Instead of just guest users, the data of registered users were also automatically appended to messages.

Carousell was eventually made aware of the bug via a user report sent on August 18, 2022 and subsequently implemented a fix on August 24 which resolved both the bugs. As a whole, the personal data of 44,477 individuals, comprising email addresses of all affected users and mobile phone numbers of users in Philippines, were compromised.

Following the incident, Carousell deleted all affected personal data disclosed in the chat function by September 3, 2022 and notified users who had written to Carousell about the data breach by September 6, 2022.

A threat actor put up 2.6 million users’ data for sale on an online forum

Carousell was alerted by the PDPC to the second data leak on October 2022 when they identified an individual offering about 2.6 million users’ personal data for sale.

The breach arose when Carousell launched a public-facing application programming interface (API) during a system migration process on January 15, 2022. An API allows computer programs or components to communicate with each other.

However, Carousell inadvertently failed to apply a filter on that API, resulting in a vulnerability which was eventually exploited by a threat actor.

The API’s intended function was to retrieve the personal data of users followed by or following a particular Carousell user. A filter applied to the API would have ensured that only publicly available personal data of these users — their user name, name and profile image – would be called up.

Without the filter, the API was able to call up the users’ personal data, comprising their email addresses, telephone numbers and dates of birth.

A threat actor was able to exploit this loophole by scraping the accounts of 46 users with large numbers of users following them, or who were following many other users. Forensic investigations revealed that this occurred in May and June 2022.

Carousell’s internal engineering team discovered the API Bug on September 15, 2022 and deployed a patch on the same day. After conducting internal investigations to determine whether there had been unauthorised access to its users’ personal data in the 60-day period prior to September 15, it did not detect any anomalies.

The e-commerce platform remained unaware of the exploitation until it was informed by the PDPC on October 13, 2022, after which it identified and blocked the threat actor’s account and notified all affected users by email.

Failure to conduct pre-launch testing, lack of proper documentation

For the first data breach, Carousell failed to conduct reasonable pre-launch testing upon implementing its changes to the Platform’s chat function, said the PDPC. Reasonable code reviews and testing would have detected the bugs before the changes went live.

Carousell admitted that since the changes were only intended to impact users in a specific category of listings (i.e. property listings in the Philippines market), testing was not undertaken to check how the changes may have affected other users and listings outside the intended category.

For the second data breach, Carousell had selectively performed code reviews and tests during its system migration, only for certain purposes and on certain APIs.

The company failed to test the API for data security risks and admitted that it did not mandate comprehensive code reviews for security issues prior to the second breach.

In both instances, the lack of proper documentation also contributed to the breaches. Without proper documentation, developers often have no references to fall back on, and may end up making assumptions about code logic that could produce incorrect results.

When Carousell’s engineer implemented the changes to the platform’s chat function, he did not have the contextual knowledge to realise that such changes would affect other users and categories as he was not the original author of the function. This contributed to the first data breach.

Meanwhile, for the second breach, the APIs involved in the system migration were built in 2016 and did not have proper documentation. Carousell admitted that its employees may not have been aware that they needed to apply a filter to the relevant API post-migration.

Carousell “respects the PDPC’s published decision”

Following the data breaches, Carousell has implemented various measures to prevent the recurrence of similar incidents. This includes the introduction of an automated unit test which ensures that the Platform does not erroneously append any personal data in chat messages, and the configuration of its GitHub repository to scan for and generate alerts for data leakages.

In response to the PDPC’s judgement, a Carousell spokesperson shared that the company “respects their published decision regarding the September and October 2022 incidents, which also notes Carousell’s prompt and effective remediation actions to enhance data security and prevent similar incidents from occurring in future”.

Carousell has been working on addressing the additional recommended remediation steps set out by PDPC in their final decision. Both incidents were isolated one-off incidents that happened due to unrelated bugs that were introduced that have since been fixed.

Protecting our users’ personal information has been and will always be of paramount importance to us. To ensure that we maintain a robust and effective security posture, we continually invest significant resources in enhancing our security infrastructure and cyber security efforts.

– Carousell

Featured Image Credit: Carousell

Also Read: Alleged Razer data breach: Hacker demands US$100K in crypto in exchange for stolen data

Maybank & The Makeover Guys have home renos worth RM1.1mil, here’s how to win a cut

New year, new home? Before you dismiss the idea as being a pipe dream due to limited finances, know that it might just be possible, with some luck on your side.

Maybank has teamed up with local home renovation specialist The Makeover Guys (TMOG) to come up with a campaign that offers participants the chance to win home makeovers worth up to RM1,100,000.

In essence, they might just turn your dream home into a reality.

What’s this about?

This campaign is for homeowners who sign up for Maybank Home Ownership solutions, and gives you the exclusive opportunity to win cash rebates and cash vouchers.

To break it down, Maybank Home Ownership solutions involve holistic financing for customers, beyond the financing of new or sub-sale properties.

The bank also offers financing for renovations, decorations, furnishings, and fittings, through their Maybank MyDeco and Maybank Home+Reno solutions.

Maybank stated that the MyDeco is a first-of-its-kind loan built to finance home interior designs, and is distinct in that it is mortgage financing, and not a personal loan. 

“The programme offers up to a 30% additional margin of finance or up to a combined total of 120% of property price/open market value (whichever is lower), or a maximum of RM250,000, whichever is lower, in a separate loan account to finance a home owner’s interior design expenses,” a press release stated.

Meanwhile, Home+Reno is for more extensive full-fledged home renovations catered for landed properties. It’s a combination of home financing and renovation facility, with the latter offering up to 120% of the property’s price or the latest open market value, whichever is lower.

The bank told Vulcan Post that customers are eligible to gain entries when they sign up for Maybank Home Financing, MyDeco, or Home+Reno financing during the campaign period (now until July 31, 2024), with their financing documents executed legally by August 31, 2024.

Customers will get an extra entry if their property is a green home. 

Dictionary time: Green homes focus on the efficient use of energy, water, and building materials. A green home may use sustainably sourced, environmentally friendly, and/or recycled building materials.

From dream to reality

The winners will be drawn by a randomiser on September 30, 2024, after which a total of seven winners will be announced on the Maybank website and social media channels.

The structure and value of the prizes are as follows:

On top of these, the first 1,000 customers who accept the MyDeco Financing Letter of Offer and accept renovation services with a minimum spend of RM45,000 offered by TMOG will automatically win cash vouchers valued at RM,1000 each.

A win-win situation

Speaking to The Makeover Guys, it turns out that Maybank was the one who approached them first.

As you can imagine, the TMOG team was honoured. Following this campaign, they have also been designated as Maybank’s Preferred Home Renovator.

“This designation implies that The Makeover Guys meet certain criteria set by Maybank, such as quality of work, reliability, and customer satisfaction,” the team told Vulcan Post.

“For customers, this designation serves as an assurance of quality and credibility when choosing The Makeover Guys for their home renovation needs. Additionally, Maybank’s customers will be able to enjoy exclusive offerings by The Makeover Guys.”

TMOG was started in 2015 with the goal of helping property investors increase rentability through strategic makeovers. To date, they’ve worked with clients such as EcoWorld, Sunway Properties, Gamuda Land, and more, to provide affordable designed homes to the masses.

Crowned as the top bank in Malaysia in 2023 by Forbes, Maybank’s support will help TMOG with their bigger goal of becoming a leading name in the home renovation industry.

• Learn more about this campaign here.
• Get to know The Makeover Guys here.
• Read more Malaysian startup stories here.

Also Read: You could win prizes worth up to RM238K when buying a home in these 5 townships by Feb 29

Featured Image Credit: Maybank / TMOG

Don’t learn to code: Nvidia’s founder Jensen Huang advises a different career path

Disclaimer: Unless otherwise stated any opinions expressed below belong solely to the author.

Nvidia, the long-time graphics card company turned AI giant, joined the US$1 trillion valuation club last year and is now just US$50 million shy of US$2 trillion, following the surge in demand for its accelerator cards that large language models like ChatGPT are trained on.

Its multibillionaire founder and CEO, Jensen Huang, is now one of the richest people in the world, with a net worth of close to US$70 billion, and one that is most sought after to speak about the future that his company is helping to build.

He was one of the headline guests at the World Government Summit in Dubai, which concluded a few days ago. At the event, he spoke at length about the future of the world in this new AI reality, including the impact it’s going to have on our careers going forward.

According to Jensen, the mantra of learning to code or teaching your kids how to program or even pursue a career in computer science, which was so dominant over the past 10 to 15 years, has now been thrown out of the window.

You’re already a programmer

Perhaps a bit paradoxically, the recent achievements of the IT industry are leading it to automate itself first, thereby reducing the need for tech experts and the number of tech jobs in the long run.

Here’s what Nvidia’s CEO had to say about it:

Over the course of the last 10 years, 15 years, almost everybody who sits on a stage like this would tell you that it is vital that your children learn computer science. [That] everybody should learn how to program. And in fact, it’s almost exactly the opposite.

It is our job to create computing technology such that nobody has to program and that the programming language is human. Everybody in the world is now a programmer.

This is the miracle of artificial intelligence.

Jensen Huang, Nvidia founder & CEO

Specialise

The future of human work is in specific domain expertise – branches of science, manufacturing, farming, construction, education, engineering and so on.

Understanding the challenges and then using autonomously intelligent technology to help us provide solutions, without us needing to spend months or years developing necessary software by hand.

For most of us it is irrelevant how a particular solution is provided. We’ve learned, or were advised to learn, how to code, because that was the only way humans could interact with computers.

If you wanted a machine to do something, you had to know how to speak to it in its highly technical programming language (or, more typically, a few of them at least).

But the rapid rise of AI is promising to make these skills obsolete for most people other than those designing and maintaining the systems the rest of us will depend on.

It’s already been proven possible, with early experiments indicating that a job that would typically be performed by a team of people over several weeks could be done by AI in just minutes.

We’re not there yet, of course, but we’re on a rapid trajectory that could derail your tech career plans within just a few years.

It makes far more sense to specialise in a particular industry or profession to understand its problems or possible avenues of future improvement so that you know what to ask AI for.

Because, while artificial intelligence can come up with any number of ideas, it can’t really know much about the reality of your work, beyond the information you provide it with. This is why your expertise in the matter is so important so that you can ask the right questions and it can provide you with the best possible answers.

Pick your street

I have to say that the blanket advice of “learning to code” has always felt wrong to me. This is because we all have a very limited amount of time, and if we spend it on one thing, we automatically can’t invest it in something else.

And, realistically, how many of us can be great at programming? (even if we ignore the sheer diversity of what it can actually mean)

Like with human languages, to be good at using any computer language you have to practice it and consistently upgrade your skills with time.

Superficially, “learning to code” can give you some basic understanding of how making computers do things works, but little beyond that unless you are constantly exposed to it. And even within the domain of programming, there are endless possibilities and specialities that you can pursue.

So, “programming” as such is an extremely broad term that is really empty on its own. Programming what? How? Why? For whom? At what scale?

Kids should, perhaps, be taught the fundamentals of computer science, much like they’re taught teaching human biology, even though most of us will never be doctors or scientists. A basic understanding of how computers power the AI-enabled future work is certainly valuable.

But only those who see themselves working as computer engineers should pursue specific skills, with the rest of us being directed towards whatever we’re passionate about and/or predisposed to, as that increases our chances of being really good at it.

So, don’t learn to code — learn to be great at something useful, whatever it may be. AI will always be there to help you out.

Also Read: Your next boss: AI is killing jobs but has also created a new industry with thousands more

Is Khairul Aming’s record-breaking launch replicable? We got TikTok Shop M’sia to comment.

Imagine having over three million people tune in live to watch you sell a product. That’s a magnitude of people I can’t even imagine. That would fill more than 34 of Malaysia’s biggest stadium, the National Stadium. That’s more than half of Singapore’s population.

That’s the number of people who clicked into Khairul Aming’s livestream on February 2, 2024.

The influencer-turned-entrepreneur started a TikTok LIVE to launch his new product, Dendeng Nyet Berapi. At its peak, the livestream received over 3.3 million viewers.

In less than four minutes, Khairul sold 80,000 orders, generating over RM1 million in revenue.

“The viewers on the LIVE stream were completely organic, and recorded the highest number of views on a TikTok Shop LIVE stream at its peak,” Nur Azre Abdul Aziz, Partnerships Lead at TikTok Shop Malaysia told us.

Some flaws in the system?

Like three million other people, we were also in the livestream, awaiting the chance to get our hands on Khairul Aming’s latest product.

My colleague who was in the livestream shared that there was no lag, but the actual Shop itself was buggy. She wasn’t able to add items to her cart, or when she did, they would disappear from the cart, or it wouldn’t allow her to proceed to payment.  

Ultimately, she wasn’t able to secure one out of 80,000 of the Dendeng Nyet Berapi. With millions of people vying for Khairul Aming’s products, though, perhaps that’s to be expected.

When asked about the lags and whether TikTok Shop had prepared in advance for the volume of buyers, the team shared, “At TikTok Shop, we constantly work towards ensuring a seamless shopping experience for the buyers and sellers.”

To them, safety is a top priority, so their focus is on providing security for those who choose to purchase on TikTok Shop.

A fluke, or by design?

At the end of the day, Khairul Aming has something many livestreamers might not have—star power. The creator has 3.9 million followers on Instagram, and 4.2 million on TikTok.

So, is this kind of viewership really replicable or even imitable by others on TikTok LIVE?

To that, Nur shared that TikTok Shop allows brands and sellers to be discovered via Shoppertainment, bringing together the best of both worlds when it comes to content and commerce.

“Khairul Aming, who has already established himself on the platform, has an audience that he can reach out to via a series of tools and content made available on TikTok Shop, ultimately leading to the success of his LIVE stream,” she explained.

So for those who want to have more people tune in to their livestream and thus improve their performance on TikTok Shop, growing your own TikTok platform is critical.

That said, TikTok Shop also seeks to provide businesses of all shapes and sizes with equal opportunities to succeed, and believes that such levels of success are not limited to those with a large following. 

“Over the years since TikTok Shop was introduced, we have been able to witness the growth of many local businesses that have shifted from brick-and-mortar to online storefronts, or those that have found their niche solely on TikTok Shop,” Nur pointed out.

Some examples she gave included Kedai Bookcafe, who achieved more sales in one year at TikTok Shop compared to a decade of physical selling. There’s also JTT Store MY, whose primary revenue stream is now from TikTok Shop.

Perhaps because of these success stories, TikTok Shop now has over one million businesses onboard in Malaysia alone.

A sustainable platform?

If you’ve been keeping up with global events, you may remember that some time last year, TikTok Shop was banned in Indonesia. The Indonesian government cited the reason being the need to protect smaller merchants and users’ data.

With that in mind, we wondered if TikTok Shop would face the same fate here in Malaysia, or if it’s something the team is concerned about.

“TikTok Shop aims to bolster the growth of local businesses, and as such, we work closely with Malaysian SMEs to equip and empower them to sell on the platform,” Nur said to that.

She elaborated that the team is working with various government and non-governmental organisations to empower SMEs nationwide.

This includes projects with Perbadanan Usahawan Nasional Berhad (PUNB), Malaysian Communications and Multimedia Commission (MCMC), and the state governments of Sabah and Sarawak to encourage digital economy growth in East Malaysia.

Moreover, TikTok Shop is partnering with the Ministry of Domestic Trade to further equip rural and local brands with the know-how to go further.

Leading up to Raya, TikTok Shop is also working with Majlis Amanah Rakyat (MARA) to encourage sellers in six states to carry out LIVE shopping streams.

“TikTok Shop is committed to supporting Malaysian businesses in reaching their fullest potential,” Nur concluded.

Realistically speaking, TikTok LIVE and TikTok Shop isn’t some surefire way to become successful or sell out a million ringgit’s worth of products in four minutes. Khairul’s success has been years in the making, after all.

However, it seems like TikTok Shop serves as a platform where people stand a chance to accelerate their businesses—or in the case of older, smaller businesses, sustain it.

Khairul Aming’s stream showed that it’s not a stretch to imagine 3.3 million people tuning into a livestream, and for them to buy out 80,000 products in less than four minutes. It also shows how TikTok has the infrastructure to support that.

His success might not be easily replicable, but it gives a benchmark of what is possible in Malaysia, for Malaysian entrepreneurs, for Malaysian-made products.

• Learn more about TikTok Shop here.
• Read other articles we’ve written about Malaysian startups here.

Also Read: You could win prizes worth up to RM238K when buying a home in these 5 townships by Feb 29

Featured Image Credit: TikTok Shop / Vulcan Post

This S’porean went from collecting watches to creating self-designed timepieces for his brand

Trained as a lawyer, Royce Wee’s resume is definitely not one to scoff at.

The Singaporean has worked as the deputy public prosecutor in the Attorney-General’s Chambers, in policy roles in the Infocomm Media Development Authority, and as a director for economic regulation at the Ministry of Communications and Information.

He has since moved into the private sector, handling public policy and data governance in companies such as Alibaba Group. Currently, he’s based in Saudi Arabia, working as a department director for NEOM, a new urban area planned by the Kingdom of Saudi Arabia.

But when he’s not busy with policy duties, Royce actually runs a business he co-founded—TENNET Watch Corporation, or TENNET for short.

From a long time ago

Royce’s love for watches begun early, when he was still in secondary school.

“I remember lazing around in the living room of my home and flipping through the pages of a glossy magazine that was left lying around,” he reminisced.

He came across a full-page coloured advertisement of the Patek Philippe Nautilus and was blown away.  “For the first time in my life, it dawned on me that watches go beyond functional tools to tell the time, to become a work of art, culture, and beauty.”  

In time, Royce became a watch buyer and collector. As a fan of horology, he realised how easy it was to be an “armchair critic”, pointing out purported flaws in watch designs.

Recognising that, Royce wanted to put himself to the test and come up with a watch design that meets his own design aesthetics while ensuring it stands the test of time. 

Despite having always wanted to design his own watches, the desire remained as a conversation topic with his then-girlfriend (now wife) and family members for a long time.

It took the pandemic to spur actual action. During this time, Royce began placing more value and focus on living out his dreams, taking risks, meeting new people, and trying new things.

“This can be summarised in the Latin phrase, Nolite Timere, which can be aptly translated as Be Not Afraid,” he said. “It is with this fearless, passionate, dynamic and enterprising spirit that TENNET was undertaken and born.”

Good things take time

The name “TENNET” is rather layered. First and foremost, it serves as a constant reminder of the tenets of the brand. 

“These include beautiful designs, use of best-in-class materials, employing modern manufacturing methods, delivering excellent value to customers, and providing trust and peace of mind to customers, including our lifetime warranty against manufacturing defects,” Royce said.

With a keen eye for visual appeal, he pointed out that it’s spelled with two N’s in the middle to make it more complete and proportionate. It is also a palindrome that spells the same from left to right, as well as from right to left.

More than that, it’s also an anagram of “TEN-TEN”. If you know watches, you’ll know 10:10 is a timing that brands set their watches to for aesthetics and clarity.

From the conceptualisation of the brand to the official launch, TENNET took around two years to come to fruition.

This period saw design tweaks, the choosing of partners and manufacturers, the commissioning of multiple prototypes, prototype refinements, to the finalisation of the production run. 

With that, the brand was finally launched in November 2023.

Designed for timelessness

TENNET watches take their design cues from more traditional and classy dress watches, but they are updated and modernised to meet the needs of today’s watch buyers and wearers.

“Their designs are timeless and classic, and at the same time, they are built using modern materials and techniques to be reliable and robust, including water resistance of a mighty 200 metres,” Royce elaborated. For context, 200 metres is equivalent to the average depth that diving watches are made for.

The watches are designed by himself in Singapore, with a “heartbeat and movement” from Switzerland, and case parts and assembly by a world-class factory and artisans in China, Royce shared.

TENNET’s intent is for buyers, collectors, and supporters of the brand to always recognise a TENNET watch, even years from now, regardless of the specific product model family.

This means they aim to have a cohesive design story and signature motifs, including the case shape, water-drop silhouette of their indices and hands, dimpled crown, and flared lugs.   

According to Royce, TENNET watches are for dreamers and doers who think for themselves and are not happy to simply follow the crowd or jump on the bandwagon.

These are people who craft their own paths, who stand out from the masses, and who have the spirit, audacity, and gumption to take risks and make their dreams come true.  

In short, it’s made for people like Royce.

Time will tell

Bootstrapped by Royce, TENNET was set up was a small independent family business with some assistance from partners for their website, social media, and logistics.

As a small business, each production run is highly limited. The inaugural line was the Somerset, which was sold with an early bird price of US$800 before it was increased to US$1,200.

“I have been surprised and gratified by the strong and encouraging initial sales of TENNET watches, especially since I started with practically zero marketing and advertising,” Royce expressed.

Much of the sales, he believes, has been driven by word of mouth from people who are in the know, including watch collectors and connoisseur.

As for the next steps, there are plans to come up with new colour schemes, metal bracelets, and work on complications such as the calendar, GMT, and moonphase, as well as new product model families, including a diver’s watch and a pilot watch.

According to Royce, collectors, friends, and even competitors have urged them to price the watch much higher considering the value it packs.

However, he wants to stay true to his own values.

“The guarantee I will make is that TENNET will always be guided by our aforesaid mission and values, including good quality design, robust build quality, delivering excellent value to customers, and providing trust and peace of mind to customers.”

“These will always be our North Star,” he said about the tenets of his business.

• Learn more about TENNET Watch Corporation here.
• Read other articles we’ve written about startups here.

Also Read: Scientex is on a mission to prove that young M’sians can afford landed homes in urban areas

Featured Image Credit: TENNET Watch Corporation

How this weekend-only breakfast kitchen in Shah Alam grew into 3 brands in less than 3 yrs

Growing up, I’ve realised that there’s one distinct thing about older eateries. Take away the food itself and you’ll notice that quite a few generational restaurants have a sense of community spirit.

In fact, I’d even argue that the community support is exactly what built them up to be a neighbourhood staple.

One newer eatery that has drummed up solid community support and is leveraging it to grow ever bigger is Breakfast Room.

Located in Bukit Jelutong, Shah Alam, Breakfast Room is a multidisciplinary F&B company that grew from a home-based Sunday kitchen.

It started at home with loaves and buns

Back in July 2021, the founders of Breakfast Room (who prefer not to be named) started out the business as a Sunday breakfast kitchen. There, they would serve morning spreads like coffee, pulled beef sandwiches, and portobello pesto sandwiches. 

Everything was prepared in their home kitchen, and most of their customers were families, friends, and neighbours. 

But some time before that, the founders were already supplying baked goods to a few shops in the area. 

At the time, Hariez (Breakfast Room’s Business Development Manager) told Vulcan Post that he was a regular customer and particularly enjoyed their homemade buns and loaves.

These experiences gave the founders time to hone their culinary and business skills. Starting from home also provided them with a more cost-effective way to understand the market and develop their menu.

“The concept of Breakfast Room emerged during this period. Upon recognising the potential of the business, we secured a small 400 sq ft space [and moved out in December 2021],” the team shared. 

It’s in the same spot that they currently occupy, just larger. 

Establishing their own #gengbangunpagi community

During those early days, Breakfast Room had seven tables and could only host up to 20 people at a time. Being in a residential area, the team focused on catering breakfast to crowds of families.

By sticking with their roots, the team naturally built a community around early risers looking for hearty breakfasts. 

The cafe opens at 7:30AM daily (except for Mondays) and offers full meals such as Full Brekkie (their take on an English breakfast) and sourdough breakfast muffins.

Taking it up a notch, the brand even came up with a name for their customers called #gengbangunpagi, which translates to “early riser gang”. 

“Just like a family, #gengbangunpagi brings together people who love waking up early and enjoying breakfast. As simple as being at Breakfast Room, you are already a #gengbangunpagi,” they explained.

“We want our customers to feel like they’re part of a community that shares their lifestyle and values. Through this community, we aim to foster a sense of belonging and camaraderie among our customers, creating a shared experience that extends beyond the breakfast table.”

No longer just a breakfast spot

As their #gengbangunpagi grew, so did the business itself. They began adding more tables, expanding the menu offerings, and even rented out the space next door to make it into a 70-seater cafe. 

Then in late 2023, Breakfast Room welcomed two new additions under its company: B-SIDE which stands for Breakfast Room after hours, and a bakery called BRBakes.

Now, you might believe that this expansion stemmed from wanting to diversify revenue streams, and you’re not wrong to think that.

However, Hariez explained that putting financials aside, it’s also to let Breakfast Room’s team explore their own passions. “Our decision to launch these sister brands was influenced by the talent and creativity of our team.”

Building upon the brand’s baking background, the founders chose to open a standalone bakery less than a five-minute walk from the cafe. This way, the team could look into more ways of expanding their baked goods menu.

Open from 9:30AM to 6:30PM, the BRBakes serves items like croissants, cruffins, cakes, sourdoughs, and cinnamon rolls.

Similarly, B-SIDE is a way for the team to showcase their talents beyond just breakfast food. Open from 5:30PM to 10:30PM, B-SIDE extends their dining hours and offers a more sophisticated menu. Customers can expect to find dishes like pasta and risotto during this period.

Building relationships with other entrepreneurs

Besides serving customers and the team, Breakfast Room has also paid mind to building a community with others in the F&B field. 

Last year, after being approached by Beard Brothers BBQ (a restaurant specialising in American BBQ), they launched A Breakfast Collaboration to work with other industry players. 

It’s a symbiotic relationship where the primary objective is to foster and inspire new business ideas, business discussions, and problem-solve for both parties. 

Other brands they’ve partnered with for A Breakfast Collaboration include PULP (PPP Coffee’s flagship store) and Brotani Juice Club (a local juice brand). There will be more collaborations this year which they’ll share on social media in due course.

Chock-full of ideas, the Breakfast Room team also initiated a concept called #BRWEEKENDPOPUP last year. They would host various vendors almost every weekend ranging from food to souvenirs and educational games at no rental charge.

With such a large space, they figured it would be beneficial to support small businesses seeking a space to showcase their own offerings.

Three brands in (almost) three years

In nearly three years, Breakfast Room has grown from being a Sunday kitchen with a handful of menu items to a cafe and three brands.

Growing internally and externally in such a short time can be challenging, so the team shared a few learnings they picked up on:

• Good food is good marketing
• Word of mouth is still the best marketing
• A great team is crucial for the growth and establishment of your business
• Spend what you have, not what you think you have
• Account for unforeseen situations

With these in mind, they’re planning to broaden the brand’s reach by opening a second Breakfast Room outlet soon.

In the long run, aligning with their current growth strategy, their goal is to establish a holding group with various subdivisions, including a grab-and-go spot.

“Above all, we aim to grow our #gengbangunpagi community while providing excellent food, enhancing customer satisfaction, and improving our menu items,” Hariez stated. At the end of the day, it seems to all come back to the community they’ve built.

• Learn more about Breakfast Room here.
• Read other articles we’ve written about Malaysian startups here.

Also Read: Scientex is on a mission to prove that young M’sians can afford landed homes in urban areas

Featured Image Credit: Breakfast Room