Customers’ info of leading Vietnam mobile phone retailer allegedly leaked

By Dinh Nam   November 8, 2018 | 10:55 am GMT+7
Customers’ info of leading Vietnam mobile phone retailer allegedly leaked
Bank card information was reportedly leaked on the online forum RaidForums.
Over 31,000 bank card numbers allegedly belonging to retail giant Mobile World's customers were leaked online.

The data was leaked on Tuesday and Wednesday on RaidForums, an online forum with over 90,000 members specializing in uploading and selling database leaks. Earlier, data on 160 million Zing ID accounts were also leaked on this forum.

In the first batch of data reportedly leaked on the forum Tuesday, a file containing 5.4 million email addresses was supposedly that of Mobile World's customers.

This was followed by another file containing over 61,000 email addresses allegedly belonging to the company's employees.

On Wednesday morning, an excel file containing information on over 31,000 card transactions was uploaded. The information included card numbers with 6 middle digits hidden as well as the time, branch and amount paid in each transaction, all of which took place between June 29 and July 18, 2016.

Another file leaked Wednesday evening contained full card numbers of some of Mobile World's customers, prompting experts to suggest that the hacker might have the full card numbers of all 31,000 bank cards partially leaked in the previous file.

Not us

In an official announcement issued on Wednesday evening, Mobile World asserted that its system had not been hacked and that the company did not store customers' card numbers and transaction times, so it was impossible for such information to be leaked from its system.

"When customers buy and swipe their cards at our shops, the POS card readers that read the customers' card information belong to the bank. This essentially means it's the bank that reads customers' cards and transfers the data to their system.

Mobile World does not interfere with this process and is not allowed to store any customer information.

"When customers pay online, the information would jump to a third-party payment gateway, so Mobile World's website cannot store customer information either," a company statement said.

However, upon checking the leaked files, at least two people from Ho Chi Minh City found their bank card information among the data leaked. They said they’d been Mobile World customers for the past two years. Dozens of people have also found their email addresses among the 5.4 million leaked email addresses.

"I was surprised to see my card number in the list leaked on the internet," a Mobile World customer said, adding that they had asked the bank to temporarily lock the card for safety.

Vo Do Thang, director of the Athena network security center, suggested that the hacker might possess even more information and was leaking them "one step at a time."

"Bank card numbers are particularly sensitive data related to financial issues so users need to check for themselves and protect their own assets," he said.

Mobile World has said the company would work with customers to verify and assist them if they discover their card information among the leaked data.

go to top