[BreachExchange] Data leak: 1.9 mln Vietnam crypto app users at risk
Terrell Byrd
terrell.byrd at riskbasedsecurity.com
Tue Dec 28 09:16:47 EST 2021
https://e.vnexpress.net/news/business/companies/data-leak-1-9-mln-vietnam-crypto-app-users-at-risk-4409253.html
Personal data of 1.92 million users of Vietnamese digital currency app Onus
has been leaked due to a security breach.
The Singapore-based company founded and managed by Vietnamese stated Monday
its server had been attacked and personal data of a large number of users
could have been leaked.
It added user assets were not affected by the attack.
Internet users on Dec. 25 found the data of Onus customers posted on a data
trading website by an account named 'vndcio.'
The data includes real name, email address, phone number, username and
Electronic Know Your Customer (eKYC) info, which is the digital
verification of an identity without the need for face-to-face interaction.
Of all 1.92 million Onus users, around 90 percent are Vietnamese, the
hacker said.
'vndcio' claimed to have accessed the server of Onus to get the data and
delete the files on the server afterward.
He or she also uploaded screenshots of the data, including passport and ID
card info of users along with videos of 10 users’ faces, which is how Onus
identify its customers.
The hacker did not reveal how much he or she charges for the data but
provided an email address for contact.
On Dec. 26, another account, 'blackblock1234,' uploaded the same data with
a total volume of nine terabytes.
The leaked data is enough for hackers to fake user identification or send
them unwanted advertisements.
Onus, formally VNDC, launched its app in March last year and claimed to
have 1.8 million users in over 20 economies, with over 600,000 of them
having identified themselves electronically.
It allows users to trade cryptocurrencies like Bitcoin and manage their
investment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211228/82bdde4d/attachment.html>
More information about the BreachExchange
mailing list