During the past two days (November 8 - 7), online forums and social networks spread hot news that Thegioididong (Mobile world - a big chain store of mobile devices in Viet Nam) leaked a large amount of customer information. According to Bkav experts, with the existing data, it cannot be confirmed whether Mobile world has been attacked or not.
On the side of Mobile world, it issued a statement denying that it had been leaked payment information of customers. As explained by Mobile world, when customers pay by card at POS, the encrypted data are transferred to the bank, or when customers make online payment via the company website, card information will be transferred through the payment portal of intermediary credit institutions. Therefore, the company does not store such information as card number, expiration date, purchase date, etc. of customers, so it is impossible to have this information leaked from their system.
To explain more about this incident, Bkav experts say that more than 5 million emails could be the data on Mobile world website or transaction logs or they can be just a list of emails “floated” on the Internet. These files themselves are not enough to say that they are stolen from Thegioididong.
Last night, after launching the data on 31,000 records of bank card numbers which were believed to belong to customers from the system of Thegioididong, hackers continued to upload 32 data lines with full 16-digit bank cards on RaidForums. However, Bkav experts state that it is not possible to confirm whether the credit card information is correct. Moreover, it seems that hackers are trying to make the incident worse by leaking information drop by drop to attract media attention.
Whether Mobile world has been attacked and been disclosed customer information or not, it requires practical investigation and assessments by experts. But right now Mobile world also needs to have clear evidence that the published data are inaccurate to reassure its customers.