Vietnam Airlines data breach

Flashback

Another one, quite a lot of data exposed this time. 7.32 million accounts.

Compromised Data: Dates of birth, Email addresses, Loyalty program details, Names, Phone numbers
Description: In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.5M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
 
It's the same threat actor that compromised Qantas, likely similar playbook - target a call centre employee and exfiltrate all the customer data.

The part that customers should be frustrated about is that it was released now because a ransom wasn't paid, just like in Qantas's case. The company absolutely knew they had been compromised; if it is news to customers today, that means they did not inform customers.
 
What's worse is in this case it appears it was a single breach into Salesforce's systems through which they were able to access multiple databases belonging to other companies.

Anyhow, it's nothing compared to the 2014-2018 hack on Starwood/Marriott, where reportedly Chinese state-associated actors used the hack to build profiles on key political and business people.
 
What's worse is in this case it appears it was a single breach into Salesforce's systems through which they were able to access multiple databases belonging to other companies.
I'm certain that's not the case, they did it via a social engineering attack and a malicious Salesforce app, but it wasn't a breach of Salesforce's systems:


Highlights the challenges faced when a platform allows integration between 3rd party apps and CRM data, but those 3rd party apps absolutely need to be able to read CRM data. The fact it seems Salesforce doesn't seem to have any controls to avoid large scale exfiltration is a failure in my opinion but I'm sure they'd tell you it is a feature, or sell you overpriced ineffective security add-ons instead.
 
Overnight I received an email from haveibeenpwned.com noting the email address I use for my VN Lotus Miles account was in the dataset from the Salesforce breach which hit Qantas.

This is a direct result of the dataset being released to the public. HIBP actively scrapes for public releases of info, and if it's credible they add it to their database, then alert their registered users.
You can safely put your email address into their search to see if it's been included in any breach. There is no need to hand over a password or other info.
And I can assure everyone, the Have I Been Pwned website is safe and is created/owned/operated by an Australian security researcher, Troy Hunt.
They only provide searching for email addresses and never expose any information from the breach. Only that the email you enter was present.

More information on this specific incident is at Have I Been Pwned: Vietnam Airlines Data Breach

EDIT:
Dataset includes Name, DOB, Email Address, Phone Number & Loyalty Membership Number
You won't know what exactly was taken as we had from the Qantas breach but just assume all 5 data points were revealed.

I can confirm this is related to VN and not QF by mistake as I use unique email addresses for each company I deal with as an additional factor of authentication and this breach was on my VN email address.

 
Comms sent out by the airline now.

Dear Valued Customer,

Vietnam Airlines would like to inform you of a recent data breach involving a third-party customer service platform operated by a global technology partner. According to the service provider, Vietnam Airlines is among several global companies using its services that have been affected by this incident. A portion of customer data managed on this platform was accessed without authorization.

Upon being alerted, we took appropriate actions to coordinate with relevant authorities, cybersecurity experts, and the third-party partner to investigate the breach, assess potential impact and contain further unauthorized access to its system.

Some personal information may have been exposed, including full name, email address, phone number, date of birth, and Lotusmiles membership number. At this time, data such as payment information, passwords, travel itineraries, Lotusmiles balances, and passport details remain secure. Additionally, Vietnam Airlines’ internal IT systems were not affected.

To help protect your personal data, we recommend changing the passwords of your Lotusmiles and associated email accounts, staying alert to potential phishing attempts, suspicious emails or phone calls impersonating Vietnam Airlines, and avoid sharing information, one-time passcodes (OTPs), or login credentials with unverified sources.

Vietnam Airlines sincerely regrets any concern this incident may have caused. We are committed to keeping potentially affected customers informed with relevant updates as the investigation continues.

For any questions or assistance, customers are kindly requested to contact Vietnam Airlines Data Protection Office at [email protected], or via 24/7 hotlines: 1900 1100 (for calls within Vietnam), 1900 1800 (for Lotusmiles members calls within Vietnam), and +84 24 3832 0320 (for calls outside Vietnam).

Yours sincerely,
Vietnam Airlines
 
I'm starting to use a different DOB for new sign-ups where DOB is not critical. Make myself a couple of years younger 🤣

For airlines, from memory, DOB does not form part of the ticket info.
 
Email received today about the incident:

Dear Valued Customer,

Vietnam Airlines would like to inform you of a recent data breach involving a third-party customer service platform operated by a global technology partner. According to the service provider, Vietnam Airlines is among several global companies using its services that have been affected by this incident. A portion of customer data managed on this platform was accessed without authorization.

Upon being alerted, we took appropriate actions to coordinate with relevant authorities, cybersecurity experts, and the third-party partner to investigate the breach, assess potential impact and contain further unauthorized access to its system.

Some personal information may have been exposed, including full name, email address, phone number, date of birth, and Lotusmiles membership number. At this time, data such as payment information, passwords, travel itineraries, Lotusmiles balances, and passport details remain secure. Additionally, Vietnam Airlines’ internal IT systems were not affected.

To help protect your personal data, we recommend changing the passwords of your Lotusmiles and associated email accounts, staying alert to potential phishing attempts, suspicious emails or phone calls impersonating Vietnam Airlines, and avoid sharing information, one-time passcodes (OTPs), or login credentials with unverified sources.

Vietnam Airlines sincerely regrets any concern this incident may have caused. We are committed to keeping potentially affected customers informed with relevant updates as the investigation continues.

For any questions or assistance, customers are kindly requested to contact Vietnam Airlines Data Protection Office at [email protected], or via 24/7 hotlines: 1900 1100 (for calls within Vietnam), 1900 1800 (for Lotusmiles members calls within Vietnam), and +84 24 3832 0320 (for calls outside Vietnam).


Yours sincerely,

Vietnam Airlines
 
