April 08, 2020, Kathmandu, Nepal
Vianet, one of the largest ISPs in Nepal has become the latest victim of a data breach. Hacker(s) have managed to hack the database of the ISP stealing over 1.7 lakhs of customer data. (To be precise, the data of 176518 customers has been compromised)
The data has been leaked by a twitter handle ‘Narpisach’ on the platform itself.
In fact, you will need to use a special browser ‘Tor’ to access the data posted on the dark web. The twitter handle posted the onion link leading to the leaked data.
At the moment, twitter has restricted the account.
Hacked data includes the dump of name, address, mobile, and email of over 1.7 lakhs Vianet users.
Sounds familiar?
Indeed, it is similar to the Foodmandu data hack that occurred around a month ago. The incidents have raised serious questions regarding the security of online service providers in Nepal.
Managing Director of the company, Binay Bohara, said that the data was leaked internally.
‘We only knew about it a while ago. The hacker made it public on a tweet containing leaked data yesterday. We are conducting internal research,’ he said.
He also said the information will only be known after the investigation as to when the data was stolen.
What’s in the Hacker’s Tweet
The hacker posted a series of tweets on Twitter following the data breach. The twitter handle “नरपिचास” (@paapi_kto_mah) seemed to feel empowered as they posted this:
“Enjoy this, Data hungry people”, the post read. The data dump is hosted on the ‘Onion network’ that encrypts the user’s data in onion-like layers making it impossible to track.
Now, the account seems to have been temporarily restricted. We believe the platform might have taken an action against the account or the tweet.
However, the data is still accessible.
Officials at the Nepal Police’s Cyber Crime Bureau said that they were unaware of the breach.
“We have seen some posts about the Vianet data breach on social media,” said Senior Superintendent Nabinda Aryal of the Cyber Crime Bureau. “But, we do not have any official information yet.”
There is no confirmation from the official source of Vianet.
How are People Responding to Vianet’s Data Breach
People are furious and worried regarding the scenarios Nepal’s tech companies are facing. There are serious concerns for the weak implementation of database security of data-based companies, which is most of the top companies in Nepal.
Basanta K. Dhakal writes on IT Entrepreneurs for Nepal:
He is concerned about the security measures the companies should apply for securing customer data. And, for obvious reasons!
Another response is by Rakesh Panthi on a comment that reads:
He says that this particular incident is the one we know about because the hacker chose to leak the data. There must be other several data breach cases that no one knows just because the hackers chose to not share the information.
He further writes that it is the failure of IT security specialists. Also, he points out that the customer’s GPS location could be next in the data breach incidents of the near future. And, this could possibly be from platforms like Pathao and Tootle.
How to prevent Data Breaches?
Security experts better know how to prevent data breaches and hacks. However, recent cases in Nepal have pointed towards the weak implementation of security systems. Either that or carelessness of security specialists.
As consumers, it is time to know some facts and points that can prevent data breaches.
- Updating software on a regular basis can prevent attacks. It is essential to update the OS and other applications. The networks become sensitive if not patched.
- Limiting access to the most valuable data will prevent any employee from clicking malicious links directed towards cyberattacks. Only concerned departments and security specialists should have access to such data.
- Training the employee is the best way to make sure potential risks stay put. Tech companies need to train their employees about the latest cybersecurity policies and practices.
- Vulnerability testing and Compliance Management will make sure to identify any loopholes and security misconfigurations. After all, prevention is better than cure.
- Avoid access to office laptops, files, and software at home. The data breach can occur by any small mistake due to the use of office property and personal data simultaneously. Hence, monitoring devices can help with minimizing the risks.
- Be careful of Third-Party vendors and make sure to observe them thoroughly. Make sure to check their background and reputation before collaborating with them. They can carry potential risks to your sensitive customer data.
- Early Notification will help minimize the loss by conducting an internal investigation. Report even minor issues or suspicious acts. This can help solve the issue internally.
Final Say
Tech companies need to strengthen their security systems as soon as possible by the likes of it. More and more tech companies are falling victims to cyberattacks recently and it is concerning for their customers.
Had they sought enough security measures from the start, such data breach incidents could’ve been avoided.