Vietnam Airlines data breach

Flashback

Another one, quite a lot of data exposed this time. 7.32 million accounts.

Compromised Data: Dates of birth, Email addresses, Loyalty program details, Names, Phone numbers
Description: In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.5M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
 
It's the same threat actor that compromised Qantas, likely similar playbook - target a call centre employee and exfiltrate all the customer data.

The part that customers should be frustrated about is that it was released now because a ransom wasn't paid, just like in Qantas's case. The company absolutely knew they had been compromised; if it is news to customers today, that means they did not inform customers.
 

What's worse is in this case it appears it was a single breach into Salesforce's systems through which they were able to access multiple databases belonging to other companies.

Anyhow, it's nothing compared to the 2014-2018 hack on Starwood/Marriott, where reportedly Chinese state-associated actors used the hack to build profiles on key political and business people.
 
What's worse is in this case it appears it was a single breach into Salesforce's systems through which they were able to access multiple databases belonging to other companies.
I'm certain that's not the case; they did it via a social engineering attack and a malicious Salesforce app, but it wasn't a breach of Salesforce's systems:


Highlights the challenges faced when a platform allows integration between 3rd party apps and CRM data, but those 3rd party apps absolutely need to be able to read CRM data. The fact it seems Salesforce doesn't seem to have any controls to avoid large scale exfiltration is a failure in my opinion but I'm sure they'd tell you it is a feature, or sell you overpriced ineffective security add-ons instead.
 
