According to reports, a newly registered user on R looked to sell 17 gigabytes of data including names, dates of birth, profile pictures, email addresses, phone numbers and identity cards.
In order to possess this cache of data, buyers would have to spend more than VND200 million (US$8,700) to be paid in cryptocurrency or cash through an intermediary, who is another member of the forum.
The post is now removed from the forum and the incident is under investigation, but danger remains.
According to the National Cyber Security Centre, based on the structure of the leaked data, it can be concluded that such data came from services that require users to submit their personal information, such as online borrowing services and cryptocurrency accounts.
In another incident in 2018, payment information of 5 million customers, including credit card information, was stolen from the system of The Gioi Di Dong (Mobile World) and shared publicly by a member of the R forum.
The following year the forum posted the information of 2 million users (including phone numbers, email addresses and ID numbers) of a Vietnamese bank, which could be downloaded for free. Many stated that the R forum is considered the “playground” of hackers, where the buying and selling of stolen data usually takes place.
Such incidents have sounded an alarm, requiring each individual, unit and organisation to take data security more seriously.
At many organisations and enterprises, digitisation and electronic transactions are becoming more common, raising the question of information security.
Online service providers in particular need to periodically review the operation of their system so as to promptly detect and fix vulnerabilities and minimise the risk of attacks and information theft.
For individuals, it is a fact that many are rather easy-going in signing up for accounts for online forums and services, providing their personal information such as phone numbers, ID numbers, bank accounts and even one-time verification codes. The sharing of such information gives evil-intentioned people opportunities to collect user data for malicious purposes.
To protect themselves, users should be cautious when providing their personal information to others. Upon detecting signs of fraud, they need to report to the authorities immediately. Users should only sign up for the services of licensed companies to avoid losing their money and personal information. When all individuals, units and organisations focus on enhancing security, the risk of data leaks and theft will be gradually minimised.