April 08, 2020, Kathmandu, Nepal
One of the leading ISPs of Nepal, Vianet Communications, faced a massive data breach exposing the data of more than 1,70,000 of its users. Well, to be exact, the data of all its 1,76,519 users. The leaked data includes the users’ email addresses, phone numbers, and addresses. In this post, we’re going to let you know what actually happened.
Yesterday, Apr 7, a guy managed to enter the server of Vianet Communications between 7:30 and 7:50 by exploiting a bug. Then he downloaded the data in .csv format. After downloading the data, he put it on Pastebin and tweeted, saying, “Who comes first, that will only get,” along with the link to Pastebin.
Then, at 8:39 pm, he tweeted asking whether any changes had been seen in Vianet’s system. Though he tagged three accounts, none of them were official accounts of Vianet Communications.
At 8:42, he tweeted again, using vulgar language. He said that @mr_mugger, who had leaked the details of more than 50,000 users of the online food delivery service ‘Foodmandu’, was his disciple. He stated that he was going to make a big mess in 2020. And that is what he did with the Vianet users’ data. He also stated that there would be a fair of scandals. He ended the tweet with ‘Jay Nepal.’
A minute later, at 8:43, he tweeted again, tagging @mr_mugger. In this tweet, he told @mr_mugger that the data @mr_mugger had leaked wasn’t as long as the data he himself had got.
At 8:54 pm, 11 minutes after the previous tweet, the hacker (नरपिचास) retweeted @mr_mugger’s tweet, which said “Data is beautiful,” adding that data is not just beautiful but entertaining too.
The next morning, at 11:07 AM on Apr 8, he tweeted, saying, “Humans needy of data, take enjoy {onion link to data}”. In case you don’t know, onion links are links to the dark web that can only be accessed from special browsers like the ‘Tor Browser’. They are different from normal links in the sense that the data is stored on the computer of the data owner, not on the servers where normal websites are hosted.
Then, a minute later, at 11:08 am, he replied to the tweet with the Pastebin link, saying, “Data of more than one lakh seventy thousand five hundred people has been leaked, and no one cares. This is called a country.”
Then, at 11:55 am, he retweeted his earlier tweet, in which he had tagged the wrong accounts assuming they were the account of Vianet Communications, saying, “This was it @VianetFTTH.”
He has had no Twitter activity since then, and his Twitter account has been temporarily restricted for unusual activity.
Consequences of the data breach
After the data breach, various people will try to scam users. Users may receive spam emails and calls from unknown numbers. Multiple people will claim to be representatives of Vianet and try to spam you. They’ll try to lure you with fake offers. Don’t fall for them.
We suggest you confirm the numbers and emails before responding to them. Although the passwords haven’t been leaked, please change your password for extra security.
Vianet’s Statement on Data Breach
Twenty-four hours after the data breach, Vianet Communications issued an official statement acknowledging the incident. The statement, signed by Binay Bohara, Managing Director of Vianet Communications, stated that the company faced a cyber incident that resulted in the leaking of personal data including name, phone number, address, and email address. The statement said that the loophole has been fixed and that the company has reported the incident to the Cyber Bureau.
The company asked for support and requested its customers not to answer calls from unknown numbers and, if someone claims to be calling from Vianet, to verify that the number really belongs to Vianet Communications. Similarly, the company asked customers to make sure that any email claiming to be from Vianet comes from an email address ending in ‘@vianet.com.np’.
In the end, the company apologized for the incident and said it would provide updates if any significant developments are made in the case.
What do we say about the incident?
Whichever company suffers a data breach, the ones who end up suffering are the consumers. So, the government should bring in a strong policy against cybercriminals as soon as possible. Also, companies should invest in their security and fix loopholes as soon as they are found. Companies should reward the people who find the loopholes, and their efforts should be appreciated.
According to a person in Ask Buddie, the biggest tech community in Nepal, he had found a loophole through which he could extract the same details as those leaked now, and he reported it to Vianet. The bug was fixed only after three months, and they didn’t even reward him.
So, we request the companies to invest a reasonable sum of money in security and reward the white hat hackers who help them in fixing the loopholes.
We hope customers never have their data compromised.