The Gioi Di Dong (Mobile World), one of Vietnam’s leading mobile retail chains, has asserted that news of its website being compromised and its customer data being leaked is fake, adding that the company’s operations remain safe and it is going about business as usual.
On Wednesday, many Facebook users and various technology online forums spread news that the The Gioi Di Dong website had been hacked and millions of its customers’ private data, including payment card information, had been leaked.
The data breach was first reported by RaidForums, a message board known for database leaks, giveaways, 4chan raids, twitch raids, prank calls and community banter.
An anonymous user named “Erwincho” posted two new threads to the site with links to three attached files that it claimed were a “database dump, belonging to one of Vietnam’s largest resellers – Mobile World JSC (best known for their brand – Thegioididong.com).”
|A screen capture of the The Gioi Di Dong data dump thread on November 7, 2018|
According to news site Zing.vn, the first file, named “Email_Filtered1.txt,” contained the personal data of millions of The Gioi Di Dong customers.
The second file “TGDD-Internal.txt” included 61,000 email addresses ending with @thegioididong.com, suggesting that they belong to the retailer’s employees.
The final file, “report_demo.xlsx,” is said to have included bankcard information and transactions made by 5.4 million customers at The Gioi Di Dong stores since 2016. However, six of each card’s numbers were covered and there is no evidence that any of the information is actually real.
“This is just the basic data, the full version will contain more information. Follow up,” Erwincho commented below the thread.
|The alleged list of The Gioi Di Dong customer data|
Addressing this scandal, The Gioi Di Dong’s public relations manager Dang Thanh Phong affirmed to Tuoi Tre (Youth) newspaper that “all the information is false.”
“Our system is safe, operating normally, and not affected,” Phong asserted.
Phong also said that The Gioi Di Dong is following up on the issue.
Meanwhile, some members at the RaidForums have threatened to continue exposing data collected in the The Gio Di Dong breach.
As of 3:00 pm Wednesday, the aforementioned lists were taken down from RaidForums.
Some Vietnamese Internet users said that they were able to download the email list leaked on RaidForums and find their own email addresses.
Addressing this issue, a The Gioi Di Dong representative asserted that those email addresses “did not come from our system.”
“Hackers might have obtained the addresses from other online sources and claimed that they belong to The Gioi Di Dong”