Customer data under threat of being exposed

The post that started it all, the data leak of Mobile World JSC

Continuous leaks of personal information

On November 10, the account named herasvn caused great commotion by uploading to RaidForums (raidforums.com) the personal information of about 2,300 members of Concung.com's marketing staffand even its management board, including their full name, ID card information, phone numbers, e-mail addresses, photos, and positions. The file cost about $10 to download.

BKAV’s experts and Concung’s staff have confirmed that the company’s data was leaked and that the hacker is real.

Three days later, the same account revealed that he has successfully penetrated FPTShop’s system and has the company’s full database. The hacker posted of several transactions sheets from FPTShop, consisting of the customer’s personal information (full name, date of birth, address, and ID card number).

In addition, the account also shared the method of hacking into FPTShop database, saying that he is “not a teacher” and offered to barter or sell the data.

Herasvn has later announced that he “will release information on other companies soon…” At the moment, the owner of the account have not been identified yet or the extent of information they hold.

In early November, the account named erwincho also uploaded to RaidForums a file containing the data of 5 million of thegioididong.com, including more than 31,000 transaction records and 5.5 million e-mail addresses, 61,000 of which belong to The Gioi Di Dong’s internal division. Another uploaded file contains purchase transactions from 2016, which also exposed customer’s credit card numbers.

Doubts over the security quality of database management

Though The Gioi Di Dong’s representative has confirmed that the information on RaidForums is fake and the company did not detect any signs of a leak, it seems that customers’ faith in the company is fading. On November 8, the MWG stock was at VND110,000 ($4.7), down VND2,000 ($0.08) compared to the price on November 7. With this drop, The Gioi Di Dong suffered a loss of nearly VND650 billion ($28.2 million) in one day.

It cannot be denied that data leaks expose the weak and poor management of databases, as the companies still pay little attention to properly protecting customers’ information. The leaks constantly coming to light have raised concerns whether customers’ information will be safe if they conduct a transaction at any of these stores in the future.

According to the Authority of Information Safety under the Ministry of Information and Commmunications, hackers penetrate systems to collect personal data and use them for network attacks, especially phishing.

To enhance information safety as well as protect personal data and the rights of customers, it is imperative that enterprises implement adequate technical solutions to ensure data security. At the same time, they should regularly check to detect any security loopholes to fix problems on time.

Customers are recommended to carefully consider before providing their personal information during any transaction, as well as periodically change their authentication information to avoid hacking.