From convenient services to personal data theft traps
After only a few minutes of logging into a cheap shopping website, Ms. Nguyen Hoai Anh (Cau Giay District, Hanoi) became a victim when her personal data was stolen. Ms. Hoai Anh said that in the following days, she continuously received calls inviting her to borrow money, promotional messages from unknown numbers, and even fake bank-based e-mails asking for confirmation of transactions.
When the website required me to enter my email, phone number, address, etc., I was skeptical but still had to fill out because it was a mandatory step. Not long after, I continuously received promotional calls. At that time, I learned that my personal information had been exploited and advertised for sale without any knowledge, Ms. Hoai Anh shared.
Ms. Hoai Anh's story is not unique. Recently, a series of personal data such as phone number, CCCD, email, bank account, and even health records have been publicly advertised on the internet. Many data packages contain millions of accounts, cost only a few hundred thousand VND, and can even be selected by area, industry or consumer behavior.
Posing as someone who wants to buy data of customers who regularly invest in real estate in Cau Giay district (Hanoi), we were introduced to an account owner named Minh Chien - a user who regularly posts content about buying and selling user data on social networks. With the above request, this account said that with just 150,000 VND, we will have more than 3,000 user data upon request.
Not only individuals, but also small businesses have become victims. Mr. Minh Quang - the owner of an online food restaurant said that his store account was taken over after logging into a free order management system through an advertising link received from the email. "At first, it was thought to be a support tool, but suddenly all of the customer data was hacked, affecting the reputation of the business," said Mr. Quang.
vulnerabilities from users to service providers
Explaining the increasingly serious nature of data leakage, Mr. Ngo Tuan Anh - Vice President of the Vietnam Information Security Association - said that the causes come from all three sides: Users lack knowledge, weak technology platforms and an inadequate legal corridor.
Useres are often subjective when using online services. They are willing to enter all personal information to receive promotions, but do not care whether the website is reliable or not. In addition, many users have the habit of using a password for multiple accounts; often click on strange links in emails, social networks; ... these are "doors" for hackers to break in", Mr. Tuan Anh analyzed.
Meanwhile, many online service providers, especially small and medium platforms, have not properly invested in system security. Some still use old technology, lack data encryption, and do not have measures to detect early intrusion.
To limit this situation, Mr. Tuan Anh suggested: First of all, users need to raise awareness and security habits: Do not share arbitrary information, use strong passwords, activate 2-layer authentication and be careful with strange applications. Enterprises must invest in security systems, encryption and periodic safety inspection".
