On December 25, an account named VND for sale the database of the ONUS digital currency trading platform (formerly VNDC), which includes consumer identity verification (eKYC) info, images, video clips… on the Raid***** forum. According to this hacker, the information that was appropriated contained individual info of about two million ONUS buyers.
Raid is deemed a popular forum for hackers, wherever it specializes in posting and offering hacked databases. At the Raid forum, a quantity of Vietnamese firms, popular persons, persons with big assets in banking institutions have had information leaks.
Remember in March 2020, a member with the nickname “vow” of the Raid forum shared a information set that is believed to incorporate info of 41 million Facebook end users in Vietnam. After querying about 250,000 information lines, it can be viewed that the information shared on Raid are all individual facts of a big quantity of Facebook accounts.
Information fields this kind of as: mobile phone quantity, e-mail, hometown, location of operate, examine, info about household, family members as properly as interests of Facebook account holders are also proven in detail. All this information is in unencrypted kind. This is also the location wherever stolen info of about two million buyers at a Vietnamese joint stock business financial institution in 2019.
“I hacked into their server and dumped the data. I also deleted the files on the server. So now ONUS also doesn’t have user’s eKYC information. The database contains information about about 2 million ONUS platform customers”, VND compose.
Attached to the submit are various pieces of information explained by the account holder to be taken from ONUS’s servers. Personal info, which includes names, e-mail addresses, and working hrs of some end users, was also publicly disclosed by hackers.
When asked to deliver eKYC pictures and video clips, VND Posted much more identification papers of about ten buyers. The posting account explained that 90% of the information obtained came from Vietnamese end users.
This hacker also offers some clips that record the user’s encounter at distinct angles when the application verifies the identity. VNDCio does not give unique offering price tag of the over information. This man or woman requested get in touch with by the safe e-mail ProtonMail.
In response, ONUS side announced that the platform was impacted by a big-scale cyber assault.
“The attacker took advantage of a vulnerability in a set of libraries on the ONUS system to get into the sandbox server (for programming only). However, due to configuration issues, this sandbox server contains information that allows bad guys to gain access to our data storage system (Amazon S3) and steal some important information. ”, explained ONUS.
According to the announcement, the assault has the probable to expose individual info which includes ONUS users’ names, emails, mobile phone numbers, addresses, KYC information, encrypted passwords and transaction historical past.
This undertaking workforce also explained that it is doing work with safety specialists to correct troubles and enhance safety. On December 25, the ONUS application forced end users to modify their passwords to be ready to entry the application.
In current instances, Vietnamese firms are frequently dealing with info disclosure incidents. On December 19, a consumer named Seasalt123 posted an posting containing individual info of about 200 Vietnamese end users on the Raid**** forum. Seasalt123 explained this is buyer information taken from Breport.vn, a web site that reviews mistakes on Bkav’s Bphone mobile phone merchandise.
Bkav’s representative shared that the leaked individual info came from the Breport merchandise error reporting and commenting services testing system.
ONUS (VNDC Wallet Pro) is the identify of a cryptocurrency exchange wallet (individually issuing stablecoins). Currently, VNDC Wallet has been restructured to develop into an ONUS application on November one, 2021. ONUS Wallet manages crypto asset trading with the biggest quantity of end users in Vietnam, formerly VNDC Wallet Pro with hundreds of thousands of end users in Vietnam.
Dautucoin.com (composite from ) ZingNews and sources).
