VietNamNet Bridge – DIE Group, a group of hackers, has posted personal information about 50,000 clients of VNPT, the largest telecom group in Vietnam, on the internet.


 

{keywords}

 

 


DIE Group said it had sent a warning about vulnerabilities to the website administrator but there has been no reply, while the security hole has not been fixed.

The information has been exposed on mega.co.nz, a site to share files online, according to Tran Quang Chien, the manager of Security Daily.

Though the information about 10,000 clients can be found on only this site, Chien said the figure would actually be 50,000. The information includes customers’ codes, names, addresses, mobile phone numbers, user accounts and passwords.

With the database, anyone could log on to the users’ accounts on VNPT’s website soctrang.vnpt.vn. However, some sources said hackers have erased important details to prevent people from exploiting the data.

SecurityDaily said on March 14 evening that the exposed information was still “alive”, which means that the information was still useful for criminals to penetrate the system through the vulnerabilities.

Analysts commented that the information exposure shows that dangerous security holes exist on VNPT’s website, which allow hackers to control and steal the database. 

They said that it is highly possible that the admin account has also been hacked. The hole is likely to be SQL Injection, a dangerous hole which hackers like exploiting.

On March 16, Bui Quoc Viet, the spokesman of VNPT, confirmed that VNPT’s data was hacked and the information about 50,000 clients of VNPT Soc Trang branch was posted on the internet.

Viet said the hackers exploited a software module used to look up customers’ information at VNPT’s Soc Trang branch.

Viet said this is an old server system which is being gradually replaced by VNPT. Prior to that, hackers posted on the internet information about tens of thousands of VNPT’s accounts.

Sensational news appeared in some local newspapers on March 16 morning that SecurityDaily, which gave a warning about the attack, may “have relations” with the hackers.

A local newspaper reported that VNPT’s representative had a meeting with SecurityDaily on March 15 afternoon to discuss the problem.

It also quoted Tran Quang Chien of SecurityDaily as denying the “relations with hackers”. Chien said SecurityDaily had received the image from a member of the group of hackers.

In the latest news, VNPT has said that it had taken necessary measures and settled the problem to ensure safety for the data and 50,000 client accounts.

CV