Mobile World flounders after serious security breach

A hacked posted a veritable mine of credit card information allegedly belonging to Mobile World customers on RaidForums

Account information of 31,000 Mobile World's customers hacked

On November 7, a hacker has announced full 16-digit credit card numbers, claiming they belong to Mobile World customers.

After sharing a file containing more than 5.4 million email addresses and 31,000 bank card numbers (six digits covered), claiming they belong to clients of Mobile World, an account called Erwincho continued disclosing sensitive information on RaidForums. The new database uploaded on the internet in the night of November 7 included full 16-digit bank card numbers.

A banking expert said that with this move, the hacker has announced that he knows all bank card numbers recorded through 31,000 transactions at Mobile World (The Gioi Di Dong). The information includes cards issued by Visa, Master Card, and domestic banks.

The expert said that the hacker will need at least the valid date of the cards to withdraw money from them. Some banks may require the name of owner, the CVV (the three digits on the back of the card), and even the OTP code. However, the hacker might be in possession of more information than he let on so far.

Some of Mobile World's customers confirmed that their card numbers are on the list of the 31,000 numbers, confirming that they made purchases at The Gioi Di Dong stores in the last two years. Others found email address in a file containing 5.4 million accounts.

Mobile World has immediately responded, claiming that the system was not hacked. Accordingly, Mobile World does not have a database of card numbers, validity dates, or date and time of purchases, so this information could not be taken from MWG system.

"When customers make a purchase and scan their cards at our stores, the POS machine used does not belong to MWG. This means that banks are reading their cards and transferring data to their own system. Mobile World did not take part in this process and did not save the information of customers," the group explained in an announcement.

"If customers conduct an online transaction, their information will be imported to a third-party database, The Gioi Di Dong does not retain customers' information," noted the announcement.

On November 6, a member shared a file on RaidForums, including 5.4 million email addresses, which supposedly belong to Mobile World's customers. Another file followed, consisting of 61,000 email addresses which were claimed to belong to the staff of MWG, following the format ‘username@thegioididong.com.’

The hacker also shared other information pertaining to Mobile World clients, including the location of transactions between June 29 and July 18, 2017.

31,000 records of bank card details, supposedly from Mobile World's database, have been posted online

Mobile World loses VND650 billion ($28.2 million)

Although there were numerous "green" transactions on November 8 on the stock exchange, MWG's ticker has decreased for the third time this month.

Specifically, at the end of November 8's session, MWG closed at VND110,000 ($4.7), down VND2,000 or 1.8 per cent. MWG was one of the 12 stocks among the 30 companies holding the biggest capitalisation (VN30) to decrease in yesterday's session.

At this price, the capitalisation of Mobile World has shrunk by nearly VND650 billion ($28.2 million) to VND35.5 trillion ($1.54 billion).