Dec 09, 2020 / 16:52

Popular Vietnamese delivery system gets hacked

The Vietnamese delivery system Giao Hang Tiet Kiem (GHTK – Saving on Deliveries) was attacked by hackers.

The Vietnamese delivery system Giao Hang Tiet Kiem (GHTK – Saving on Deliveries) was attacked by hackers.

Screenshot of an article on Medium about the cyber-attack on the Vietnamese delivery system Giao Hang Tiet Kiem (GHTK). Source: kinhtedothi.vn

According to the social publishing platform Medium, hackers got access to nearly 4GB of source code of the delivery system Giao Hang Tiet Kiem and sold it online.

Speaking about the data they are selling, the hackers said they got it because there was a major flaw in the GHTK system. This flaw allowed them to view, edit and modify the codes of any projects. As the result, they downloaded all of the system’s data.

Medium said the flaw could be the result of mistakes in the DevOps practices of the system’s programmers and administrators. It could also be caused by the system’s password low level of security, which made it become untrustworthy.

A cybersecurity expert said the hackers could probably use the technique social engineering. This is a form of attack that targets the employees of GHTK, deceiving them to break into the system and steal data.

GHTK is a professional e-commerce delivery company in Vietnam founded in 2013. It specialises in providing convenient door-to-door delivery services for online shops and businesses.

With a wide range of operations with more than 1,000 branches nationwide, GHTK currently has more than 20,000 customers, serving millions of orders per month. The delivery company is also keeping a large amount of data including important information such as name, phone number, and address of users.

At present, there is no information on whether personal data of customers using GHTK’s services has been exploited. However, that scenario is highly possible, according to Medium.

GHTK is not the first company to suffer from data leakage and system source code issues. More than 50 companies, including Microsoft, Adobe, Lenovo, AMD, Qualcomm, MediaTek,... have also been victims of cybercrime organisations.