Tinhte.vn — The biggest technology forum in Vietnam leaked source code

Elliot Alderson
3 min read · Apr 7, 2021

Tinhte is a free forum that anyone can visit to read about information technology, science and technology, and technology in daily life. Each month, many young people actively take part in discussions on this forum. Tinhte has more than 23 million hits, has gathered more than 1 million members, and changes every day.

As the largest forum in Vietnam, Tinhte has in recent years applied Machine Learning and Big Data technology to suggest suitable articles to users while analyzing and identifying trends and the kinds of news users are interested in. Using technologies like these requires administrators and programmers to have secure systems in place to protect visitors’ information.

However, the forum's system is not perfect, and a hacker found a loophole in it. More specifically, the hacker found a vulnerability in the GitLab source code management system and carried out the attack. According to the source we have shared, the system is remotely accessible, and some projects have a public archive. Anyone can view and download the source code and its change history.

Screenshot of one of the leaked source codes

The data breach above gives hackers a lot of information, and in our opinion it has a great impact on this forum, as follows:

  • At first, the hacker aimed at the source code of the neo4j-xenforo project. This tells them what language the project’s source code is written in, which libraries are used, the processing logic, and who the system developer is.
  • Next, the attack aims to reveal database connection information (including the connection IP address, login name, and password), which helps hackers learn the development group's password-setting habits and part of the organization’s network infrastructure. Most of all, hackers will continue to build advanced attack scenarios in the future.
  • Finally, there is the leak of the Tinhte graph database, possibly from the test environment. This database stores information about relationships between users in the system and articles. This information can also directly affect the partners working with Tinhte.

Part of Tinhte’s graph database

Besides, this data breach also had negative effects on forum visitors. Hackers can see users' reading history and commenting behavior on one or many posts in Tinhte’s system. Although the incident did not reveal personal information, revealing users' behavior and reading habits also bears on their personal information and security.

Database connection information

The danger level of the incident was assessed to be very high. It was caused by the programmer’s carelessness in setting up the system, or possibly because the forum's administrator has not been trained in enterprise information security awareness. It is also possible that Tinhte does not have a strict and safe software development process.
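
One check a software development process can run before code is pushed, shown as an added example that is not code from Tinhte or from the original article: it flags hardcoded passwords, credentials embedded in connection URIs, and literal IP addresses, the kinds of database connection information described above. The file names, file contents and rule names are constructed for illustration.

```python
import re

# Constructed sample files; nothing here is taken from the leaked repository.
SAMPLE_FILES = {
    "config/graph.php": (
        "<?php\n"
        "$config['neo4j']['host'] = '203.0.113.10';\n"
        "$config['neo4j']['username'] = 'neo4j';\n"
        "$config['neo4j']['password'] = 'Summer2021!';\n"
    ),
    "docker/.env": (
        "DB_HOST=db.internal.example\n"
        "DB_PASSWORD=${DB_PASSWORD}\n"
        "GRAPH_URL=bolt://app:s3cret@198.51.100.7:7687\n"
    ),
    "README.md": "Set the password in your environment before starting.\n",
}

# A credential-looking key followed by an assignment and a literal value.
ASSIGNMENT = re.compile(
    r"""(pass(?:word|wd)?|secret|token)\b['"\]\s]*(?:=>|=|:)\s*['"]?([^'"\s;,]+)""",
    re.I)
# scheme://user:password@host
URI_CREDS = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@/]+)@[^\s/]+", re.I)
# Literal IPv4 address (may also match dotted version strings; review hits).
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Values that point at the environment or are placeholders, not real secrets.
PLACEHOLDER = re.compile(r"\$\{?\w+\}?|<.*>|getenv\(.*|changeme|null|none", re.I)

def scan(files):
    """Return (path, line_no, rule) findings; the secret value is never returned."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            m = ASSIGNMENT.search(line)
            if m and not PLACEHOLDER.fullmatch(m.group(2)):
                findings.append((path, no, "hardcoded-credential"))
            m = URI_CREDS.search(line)
            if m and not PLACEHOLDER.fullmatch(m.group(1)):
                findings.append((path, no, "credentials-in-uri"))
            if IPV4.search(line):
                findings.append((path, no, "hardcoded-ip"))
    return findings

if __name__ == "__main__":
    for path, no, rule in scan(SAMPLE_FILES):
        print(f"{path}:{no}: {rule}")
```

Because the change history was downloadable along with the source code, the same scan has to cover past revisions as well, and a credential found there needs to be rotated rather than only deleted from the current files.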

Following this incident, Tinhte needs to handle the data attack to keep the organization's internal information from being compromised and to protect visitors' personal information. Above all, this is not the first time a forum or social network has had a data system compromised, which leads many organizations and individuals to raise their awareness and understanding of the right to protect personal information and to improve their high-tech solutions.
