Early this afternoon (Nov 10), hackers continue to release data and claim to belong to the concung.com system (supply chain for moms and babies) on raidforums.
After being downloaded and checked, the data are profiles of more than 2000 employees including the details of:
- Full name
- Phone number
- Date of birth
- ID number
- other information
It seems that the data are from a human resource management system of the company, however at this moment, it is impossible to confirm whether these are internal data of concung.com or not.
After analysis, these data include:
- 2272 fullnames of employees with position, department and address of workplace
- 2187 phone numbers
- 1133 email
- 2272 ID cards/Passports
- 1395 profile pictures
- other information
Checking confirms that the above information is correct, so currently it is possible to conclude that the data of concung have been leaked out. The exploiting method of bad actors is not confirmed yet.
With leaked information, it is possible that in the coming time, the staff of this system will face spam calls and emails. Temporarily, WhiteHat.vn (Viet Nam cyber security community) has some recommendations as follows:
- Do not click on strange links sent by phone or email
- Change passwords of email or social networks accounts, etc. if the date of birth, phone numbers or ID numbers are used as passwords.
- Use some spam blocking software on mobile phones
- System administrators need to review to detect vulnerabilities and promptly deal with them
Mr. Ngo Tuan Anh, Bkav's Vice President of Cyber Security said that the data uploaded by hackers are of concung.com employees.
According to Mr. Ngo, these employees need to change their passwords in case of using exposed passwords for other accounts. Besides, the victims need to be careful with strange emails and messages with signs of fraud to protect themselves.
It is highly possible that the company’s system has been compromised. Therefore, the company needs to review, detect vulnerabilities and handle them promptly.