- Ngoc Huynh
The login section on the VNPT Soc Trang website is seen in this screenshot taken in Ho Chi Minh City on March 16, 2015.
More than 50,000 accounts of customers of Vietnam’s state-run telecom giant VNPT were stolen and leaked on the Internet over the weekend, company spokesperson Bui Quoc Viet said Sunday.
The accounts, including personal information and login credentials, belong to customers of the VNPT branch in the southern province of Soc Trang, Viet said.
“Hackers targeted the software used to look up customer information hosted on an old server that is being replaced at VNPT Soc Trang,” he elaborated.
Viet did not comment on the culprits behind the attack, even though Security Daily, a Vietnamese-language Internet security website, reported on Saturday that a hacker outfit called DIE Group has claimed responsibility.
It may be a Vietnamese hacker group, Security Daily said.
DIE Group has posted the stolen accounts on their Facebook page, saying they are from “more than 10,000 mobile phone and landline accounts of VNPT,” according to Security Daily.
Security Daily said on its website that the real number of stolen accounts could be as many as 50,000, which was later confirmed by the VNPT media person.
The stolen accounts include the name, address, phone number, username and password that can be used to log in to the customer service section on the VNPT Soc Trang website.
“Hackers can use such information to log in and launch other attacks using the authorized access,” Security Daily warned.
“The leaked information can be a gold mine to spammers and swindlers.”
VNIST JSC, the operator of Security Daily, said the incident suggests that there are dangerous security holes in the VNPT system, which makes it vulnerable to hackers.
“Thanks to such vulnerabilities, hackers may be able to steal most of the information, including the system administrative accounts, from VNPT databases,” the company said.
The vulnerability was fixed on Saturday, VNPT deputy general director Pham Duc Long told tech website ICTnews the same day.
“VNPT has strengthened security in its entire network to ensure customers that their private information is safe,” Long was quoted as saying.
The attackers said on Facebook that they had decided to leak the stolen information online after “receiving no response from VNPT about our discovery of their security holes.”
DIE Group, however, did not reveal the usernames and passwords of the stolen accounts for fear that they may be used by other hacker groups, according to their Facebook status.
Source : http://tuoitrenews.vn/