Hackers exploit nearly 4GB of system source code. GHTK is facing the risk of leaking customer information.
Giaohangtietkiem (GHTK) is a professional eCommerce transporter. This company provides door-to-door, convenience-to-door services to online stores or businesses. With a broad reach of more than 1,000 branches across the country, 20,000 shippers are operating continuously. Their information places a big question of whether there will be many customer information such as name, phone number, shipping address, and goods that will leak out.
Many domestic enterprises have recently expanded into other businesses to take advantage of the enormous customer base that is becoming a trend. But it becomes more harmful when these priceless assets are unsafe or traded on the black market or the Internet. According to the source we received, more than 4GB of source code of GHTK is being exploited and exchanged by hackers on the Internet.
The hacker who had attacked shared that “This was hacked by a major vulnerability which allowed me to view, edit or change the code of any projects, and I took advantage of it by downloading all!”. He adds, “But now vulnerability fixed.”
We have discussed with hackers and independently confirmed that the above information is correct. But hackers do not share more details about the vulnerabilities that hackers perform attacks but based on the conjecture of us, the error is likely negligence configured DevOps from the programmer, system administrator, or a weak password set.
A cybersecurity expert has stated that
It can be possible that hackers socially engineered the folks at GHTK to get in and then found some Vulnerability to access the server. Social Engineering is the only weakest Link in Information Security is no patch for human stupidity.
Losing control of the source code on the Internet is like giving a banking design to a thief. GHTK is not the first company in the world facing data or source code leakage. According to our statistics, more than 50 companies, including Microsoft, Adobe, Lenovo, AMD, Qualcomm, MediaTek, General Electric, Nintendo, Disney, and Huawei HiSilicon, … are victims of Hackers.
Customer information and database are the most significant competitive advantage and central in each business ecosystem. Therefore, this resource management is critical; if not, it will affect its brand and lose consumers’ confidence when the resources customers as items target of many hackers.
In the context of e-commerce, social networks are the development trend of the digital economy. Especially since online payment is increasingly popular, consumer information protection should be placed on the order.
At present, there is not any source of information about whether the personal data of customers using GHTK service will be exploited or not. Still, with this risk, that scenario is likely to happen.