DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data from Vietnam’s state-owned oil and gas group and affiliated firms leaked

Posted on March 14, 2023 by Dissent

Listing by Kernelware on BreachForums displays logos of three Vietnamese firms

Three Vietnamese firms involved in the petroleum industry and infrastructure may first be learning that some of their files are being given away freely on BreachForums.

Forum user Kernelware posted a listing early Tuesday, identifying the firms as PetroVietnam, Long Son Petrochemicals, and POSCO Engineering & Construction.

PetroVietnam is the trading name of the Vietnam Oil and Gas Group, which is state-owned. 
Long Son Petrochemicals Complex. Long Son Petrochemicals Company Limited was established to develop, construct and operate Vietnam’s first integrated petrochemicals complex in Ba Ria-Vung Tau province.
POSCO E & C is a total construction firm headquartered in Poland with international branches, including one in Vietnam.

Kernelware’s post also notes, “…these are just the main 3, but there are also a few smaller miscellaneous companies that are included in the leak.”

According to Kernelware, the leak includes:

– Tons of schematics for various infrastructure
– Tons of piping schematics
– Business registration documents
– Employee information
– Contract agreement documents

It’s unclear from the sample of files whether it was just one company’s server that was involved or if it was more than one. Inspection of the files revealed that some files were stamped with all three entities’ names from a project in which they were all involved.

When asked, Kernelware declined to explain how they accessed the data but did tell DataBreaches they had not made an attempt to contact the firms or seek any payment or ransom.

“I’m not interested in blackmailing any money from them nor selling it on BF. I’m leaking it for free,” Kernelware told this site.

DataBreaches sent an email inquiry to PetroVietnam asking about the claimed breach, but no reply was immediately available. This post will be updated if a reply is received.

Other Leaks by Kernelware

Since joining BreachForums in August of 2022, Kernelware has been a regular contributor, offering free tutorials to help others, free data leaks, and occasional databases for sale.

In just the past few weeks, they have offered Acer Taiwan data for sale and given away data allegedly from HDFC Bank in India.

The bank quickly denied any compromise of their system, and it later emerged that the leaked data belonged to HDB Financial Services, a non-banking financial company that is a subsidiary of HDFC Bank. Kernelware acknowledged their error in a subsequent edit, “The leak is actually from a HDFC subsidiary called HDB Financial Services. My mistake.”

Days later, Kernelware again made headlines, this time by leaking 21 GB of data from Swiss technology firm Acronis. Acronis rushed to get control over the story, issuing a post on LinkedIn that stated that their investigation so far indicated that the credentials used by a single specific customer to upload diagnostic data to Acronis support had been compromised and no other system or credential had been affected. “There is no evidence of any other successful attack, nor there is any data in the leak that is not in the folder of that one customer,” CEO Kevin Reed wrote.

While Acronis may have been in a bit of an incident response sweat, Kernelware amused the forum regulars by writing, “In all honesty, the leak is minor and it isn’t really interesting. But hey, a breach is a breach….. I was bored so I just decided to humiliate the fuck out of them. Simple as that.”

But in what should result in some entities breathing a small sigh of relief, Kernelware’s newest posting ends with a note: “Also, I’ll be taking a short break from my mass leaking spree. I got exams coming up Sad”

 

 

Category: Breach IncidentsHackNon-U.S.

Post navigation

← Lawsuit filed against Lehigh Valley Health Network after ransomware gang leaks sensitive patient data online
Monetary Authority of Singapore Sets Out Revised Expectations for Notification of Data Breaches by Licensed Insurers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.