Tinhte.vn — The biggest technology forum in Vietnam leaked source code

Tinhte is one of the free forums that anyone can visit to view information technology, science and technology, and life technology. Many young people, each month, actively discuss this forum. Tinhte has more than 23 million hits, gathered more than 1 million members, and changes every day.

As the largest forum in Vietnam, in recent years, Tinhte has applied Machine Learning and Big Data technology to suggest suitable articles to users while analyzing, identifying trends, and the user’s interest in what kind of news. Using technologies like these requires administrators and programmers to have secure systems in place to protect visitors’ information.

However, the forum's system is not perfect, and the hacker has found a loophole in this system. More specifically, the hacker found a vulnerability in the Gitlab source code management system and executed the attack. According to the source we have shared, the system is remotely accessible, and some projects have a public archive. Anyone can view and download the source code and source code change history.

Screenshot of one of the leaked source codes

The above data breach helps hackers get a lot of information, and in our opinion, it has a great impact on this forum. As follows:

Part of Tinhte’s graph database

Besides, this data breach also caused negative effects on forum visitors. Hackers can see users' reading history and comment behavior to one or many posts in Tinhte’s system. Although the incident did not reveal personal information, revealing the user’s behavior and reading habits is also related to the user’s personal information and security issues.

Database connection information

The danger level of the incident was assessed to be very high. This is caused by the programmer’s carelessness in setting up the system or possibly because the forum's administrator has not been trained in the enterprise's information security awareness. Or it is also possible that Tinhte does not have a strict and safe software development process.

Through the above incident, Tinhte needs to handle the above data attack to prevent the organization from being compromised on internal information and protect visitors' personal information. Above all, this is not the first time a forum or social network has a data system compromised, making many organizations and individuals raise awareness and understanding of the right to protect personal information and improve more high-tech solutions.

But I'm only a vigilante hacker by night. By day, just a regular cybersecurity engineer. Employee number ER28-0652