Personal data leak affecting 10K Vietnamese might be linked to a mobile crypto mining app
The hacker is asking $9,000 in BTC or LTC for the leaked data.
Mon, 17 May 2021, 15:51 pm UTC
Crypto mining app for mobile users Pi Network is now reportedly linked to a massive data leak. The leak involved the personal data of thousands of users of the popular app.
The leaked personal data came from the Know Your Customer checks each user has to undergo when signing up to the Pi Network according to the unidentified party who posted it on RaidForums, Cointelegraph reported. The identity card information data of around 10,000 Vietnamese users of the crypto mining app were put on sale.
Personal data included in the data breach include photos, phone numbers, home addresses, and email addresses. The seller is asking buyers to pay $9,000 for the data and demands to be paid in Bitcoin (BTC) or Litecoin (LTC).
Hanoi-based cybersecurity expert Pham Tien Manh said that it could be troublesome for the victims if the data were to eventually end up in the wrong hands. The expert explained that the personal info contained in an identity card could be used to sign up for accounts in the communications and financial fields, according to the local publication VNExpress.
Meanwhile, Vo Do Thang, director of cybersecurity firm Athena, placed the responsibility on whoever let the data be leaked. He explained that there is nothing ordinary users could do to protect their personal data once it is uploaded into the app’s platform.
The one who posted the leak on Raidforums claimed that the data was accessed via Pi Network. However, some do not believe the claim since the platform does not directly verify user info nor request photos of user identity cards.
Phien Vo, the moderator of a group discussing the Pi Network, said that it is not possible for Pi Network to leak the data since KYC processing was done by a third-party verification site called Yoti. The moderator explained that while Yoti accepts identity cards from around 62 countries and territories, Vietnam is not included in the list.
“To perform KYC verification on Pi Network, Vietnamese would need to use their passports, Phien Vo said, “Only some users who used earlier versions of Pi could perform KYC verification using their driver licenses, but so far the system has yet to accept Vietnamese identity cards.”
Vietnam’s Ministry of Public Security's cybersecurity division has already started an investigation on the incident on Monday. The original thread on the data leak on Raidforums has been deleted.
<Copyright © TokenPost. All Rights Reserved. >