Vianet Falls Victim To Data Breach, Customer Data Compromised

The biggest data breach in the history of Nepal
Share It On:

April 08, 2020, Kathmandu, Nepal

Vianet, one of the largest ISPs in Nepal has become the latest victim of a data breach. Hacker(s) have managed to hack the database of the ISP stealing over 1.7 lakhs of customer data. (To be precise, the data of 176518 customers has been compromised)

The data has been leaked by a twitter handle ‘Narpisach’ on the platform itself.

In fact, you will need to use a special browser ‘Tor’ to access the data posted on the dark web. The twitter handle posted the onion link leading to the leaked data.

At the moment, twitter has restricted the account.

Hacked data includes the dump of name, address, mobile, and email of over 1.7 lakhs Vianet users.

Sounds familiar?

Indeed, it is similar to the Foodmandu data hack that occurred around a month ago. The incidents have raised serious questions regarding the security of online service providers in Nepal.

Managing Director of the company, Binay Bohara, said that the data was leaked internally.

‘We only knew about it a while ago. The hacker made it public on a tweet containing leaked data yesterday. We are conducting internal research,’ he said.

He also said the information will only be known after the investigation as to when the data was stolen.

What’s in the Hacker’s Tweet

The hacker posted a series of tweets on Twitter following the data breach. The twitter handle “नरपिचास” (@paapi_kto_mah) seemed to feel empowered as they posted this:

Vianet Data Breach

“Enjoy this, Data hungry people”, the post read. The data dump is hosted on the ‘Onion network’ that encrypts the user’s data in onion-like layers making it impossible to track.

Now, the account seems to have been temporarily restricted. We believe the platform might have taken an action against the account or the tweet.

However, the data is still accessible.

Vianet's Data Dumped Publicly on Tor Network
https://ictframe.com/nepali-isp-vianet-data-breach-leaks-almost-160000-users-data/

Officials at the Nepal Police’s Cyber Crime Bureau said that they were unaware of the breach.

“We have seen some posts about the Vianet data breach on social media,” said Senior Superintendent Nabinda Aryal of the Cyber Crime Bureau. “But, we do not have any official information yet.”

There is no confirmation from the official source of Vianet.

How are People Responding to Vianet’s Data Breach

People are furious and worried regarding the scenarios Nepal’s tech companies are facing. There are serious concerns for the weak implementation of database security of data-based companies, which is most of the top companies in Nepal.

Basanta K. Dhakal writes on IT Entrepreneurs for Nepal:

He is concerned about the security measures the companies should apply for securing customer data. And, for obvious reasons!

Another response is by Rakesh Panthi on a comment that reads:

He says that this particular incident is the one we know about because the hacker chose to leak the data. There must be other several data breach cases that no one knows just because the hackers chose to not share the information.

He further writes that it is the failure of IT security specialists. Also, he points out that the customer’s GPS location could be next in the data breach incidents of the near future. And,  this could possibly be from platforms like Pathao and Tootle.

How to prevent Data Breaches?

Security experts better know how to prevent data breaches and hacks. However, recent cases in Nepal have pointed towards the weak implementation of security systems. Either that or carelessness of security specialists.

As consumers, it is time to know some facts and points that can prevent data breaches.

  • Updating software on a regular basis can prevent attacks. It is essential to update the OS and other applications. The networks become sensitive if not patched.
  • Limiting access to the most valuable data will prevent any employee from clicking malicious links directed towards cyberattacks. Only concerned departments and security specialists should have access to such data.
  • Training the employee is the best way to make sure potential risks stay put. Tech companies need to train their employees about the latest cybersecurity policies and practices.
  • Vulnerability testing and Compliance Management will make sure to identify any loopholes and security misconfigurations. After all, prevention is better than cure.
  • Avoid access to office laptops, files, and software at home. The data breach can occur by any small mistake due to the use of office property and personal data simultaneously. Hence, monitoring devices can help with minimizing the risks.
  • Be careful of Third-Party vendors and make sure to observe them thoroughly. Make sure to check their background and reputation before collaborating with them. They can carry potential risks to your sensitive customer data.
  • Early Notification will help minimize the loss by conducting an internal investigation. Report even minor issues or suspicious acts. This can help solve the issue internally.

Final Say

Tech companies need to strengthen their security systems as soon as possible by the likes of it. More and more tech companies are falling victims to cyberattacks recently and it is concerning for their customers.

Had they sought enough security measures from the start, such data breach incidents could’ve been avoided.


Share It On:

Recent Posts

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and Banking Stability

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and

Share It On:23rd November 2024, Kathmandu Nepal’s Central Bank, Nepal Rastra Bank (NRB), has announced a significant investment of NPR

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural Development

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural

Share It On: 23rd November 2024, Kathmandu The Agricultural Development Bank (ADB) is recognized as a vital institution for Nepal’s

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future Outlook

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future

Share It On: 23rd November 2024, Kathmandu Ridi Power Company Limited wrapped up its annual shareholder meeting, the 23rd Annual

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender In Nepal

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender

Share It On: 22nd November 2024, Kathmandu A significant step has been taken towards strengthening financial ties between Nepal and

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future Plans

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future

Share It On:22nd November 2024, Kathmandu Liberty Energy Company Limited is gearing up to issue rights shares starting December 1,

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Share It On:22nd November 2024, Kathmandu Asha Laghubitta Bittiya Sanstha is holding its 8th Annual General Meeting (AGM) today, November