Hackers up the ante, threatening major Vietnamese firms

By Bao Lam, Chau An   November 13, 2018 | 02:12 am PT
Hackers up the ante, threatening major Vietnamese firms
Data supposedly belonging to staff of Vietnam’s largest baby products chain Con Cung were leaked online. Photo by VnExpress
After hitting Vietnam's top mobile phone retailer and baby products chain, hackers offer to sell information on another big firm.

Just a few days after leaking data containing millions of email addresses and details of 31,000 card transactions of customers allegedly belonging to Vietnam’s leading mobile phone retailer, Mobile World, the hackers were at it again.

Once again on the RaidForums site, they leaked more data Saturday, this time claiming that it was information about the staff of Vietnam’s largest baby products chain, Con Cung.

RaidForums is an online forum with over 90,000 members where database leaks are uploaded and sold.

The hackers claimed to have stolen information from other retailers like FPT Shop, the electronics retail chain of the FPT Group, Vietnam's largest IT services company, and threatened to publish or sell it soon.

They said on the forum that they would sell the information for a "reasonable price" or in exchange for "something interesting." They did not elaborate.

After analyzing the Con Cung data, experts from WhiteHat computer security forum said it contains 2,272 full names of employees and their respective positions/branches, phone numbers, emails, and national ID or passport numbers.

Ngo Tuan Anh, vice president of cyber security firm Bkav, said since the data matches that of Con Cung’s employees, its system has most likely been compromised.

Staff using the same password for other accounts should change it, he warned.

A security expert said the data was stolen from an internal application for employees. Hackers could have gotten access to an employee’s account and used this to request information from the system.

Con Cung has not commented yet, while an FPT Shop representative declined to comment saying there is no basis to think data has been hacked.

Information security expert Le Nguyen Khang said many businesses still invest very little in system security.

As a company grows, so does the number of customers on its database, exposing it to a significant risk of harmful unintended disclosure, he told the media.

Anh of Bkav said enterprises must invest early in security systems while developing a safe IT system, especially those with retail chains or online sales platforms.

When problems occur, it is necessary to coordinate with specialized security personnel to prevent harm and at the same time alert customers to breaches to prevent further data leakage, he added.

go to top