DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data from Vietnam’s state-owned oil and gas group and affiliated firms leaked

Posted on March 14, 2023 by Dissent

Listing by Kernelware on BreachForums displays logos of three Vietnamese firms

Three Vietnamese firms involved in the petroleum industry and infrastructure may first be learning that some of their files are being given away freely on BreachForums.

Forum user Kernelware posted a listing early Tuesday, identifying the firms as PetroVietnam, Long Son Petrochemicals, and POSCO Engineering & Construction.

PetroVietnam is the trading name of the Vietnam Oil and Gas Group, which is state-owned. 
Long Son Petrochemicals Complex. Long Son Petrochemicals Company Limited was established to develop, construct and operate Vietnam’s first integrated petrochemicals complex in Ba Ria-Vung Tau province.
POSCO E & C is a total construction firm headquartered in Poland with international branches, including one in Vietnam.

Kernelware’s post also notes, “…these are just the main 3, but there are also a few smaller miscellaneous companies that are included in the leak.”

According to Kernelware, the leak includes:

– Tons of schematics for various infrastructure
– Tons of piping schematics
– Business registration documents
– Employee information
– Contract agreement documents

It’s unclear from the sample of files whether it was just one company’s server that was involved or if it was more than one. Inspection of the files revealed that some files were stamped with all three entities’ names from a project in which they were all involved.

When asked, Kernelware declined to explain how they accessed the data but did tell DataBreaches they had not made an attempt to contact the firms or seek any payment or ransom.

“I’m not interested in blackmailing any money from them nor selling it on BF. I’m leaking it for free,” Kernelware told this site.

DataBreaches sent an email inquiry to PetroVietnam asking about the claimed breach, but no reply was immediately available. This post will be updated if a reply is received.

Other Leaks by Kernelware

Since joining BreachForums in August of 2022, Kernelware has been a regular contributor, offering free tutorials to help others, free data leaks, and occasional databases for sale.

In just the past few weeks, they have offered Acer Taiwan data for sale and given away data allegedly from HDFC Bank in India.

The bank quickly denied any compromise of their system, and it later emerged that the leaked data belonged to HDB Financial Services, a non-banking financial company that is a subsidiary of HDFC Bank. Kernelware acknowledged their error in a subsequent edit, “The leak is actually from a HDFC subsidiary called HDB Financial Services. My mistake.”

Days later, Kernelware again made headlines, this time by leaking 21 GB of data from Swiss technology firm Acronis. Acronis rushed to get control over the story, issuing a post on LinkedIn that stated that their investigation so far indicated that the credentials used by a single specific customer to upload diagnostic data to Acronis support had been compromised and no other system or credential had been affected. “There is no evidence of any other successful attack, nor there is any data in the leak that is not in the folder of that one customer,” CEO Kevin Reed wrote.

While Acronis may have been in a bit of an incident response sweat, Kernelware amused the forum regulars by writing, “In all honesty, the leak is minor and it isn’t really interesting. But hey, a breach is a breach….. I was bored so I just decided to humiliate the fuck out of them. Simple as that.”

But in what should result in some entities breathing a small sigh of relief, Kernelware’s newest posting ends with a note: “Also, I’ll be taking a short break from my mass leaking spree. I got exams coming up Sad”

 

 

Related posts:

  • Who is on TEKsystems Intel Leak
  • Commentary: Repeated insider breaches at TD Bank should trigger federal regulator investigation (update 1)
Category: Breach IncidentsHackNon-U.S.

Post navigation

← Lawsuit filed against Lehigh Valley Health Network after ransomware gang leaks sensitive patient data online
Monetary Authority of Singapore Sets Out Revised Expectations for Notification of Data Breaches by Licensed Insurers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.