A hacking group self-called VNDCIO has been credited with a devastating cyberattack on the servers of Onus, a popular cryptocurrency exchange app based in Vietnam, generating losses for almost 2 million users on the platform. The information compromised during this incident is for sale on a well-known illegal forum on the dark web.
Faced with this situation, the company claims to be actively working to detect and correct the flaws that hackers addressed, in addition to implementing more functional methods to improve the security of its systems in general terms.
A day before the compromised information was exposed online, Onus reported to its users the detection of potentially malicious activity on their networks, although in the end it was not confirmed if any users would have been affected by the incident: As the days passed, the company confirmed the security breach: “By exploiting a security hole, a third party managed to gain unauthorized access to our systems, stealing hundreds of data from Onus,” said a statement from the firm.
The incident is believed to expose sensitive personal information of users, including full names, contact information, addresses, transaction history and even encrypted passwords. Experts say the leak could also involve copies of ID cards in the form of scans uploaded to Onus systems.
Hackers claim that most of the users whose data was exploited are Vietnamese. After posting images of user IDs in Vietnam, India and Indonesia, VNDCIO also published samples of what appear to be ID cards from the platform.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
