 |
Vietnam Airlines is one of the businesses affected by the attack on Salesforce, a company that provides a customer management platform. Photo: SkyTeam . |
On the morning of October 14, Vietnam Airlines confirmed the incident involved a global technology corporation providing customer management services.
In an email to customers, the airline said that some customer data stored on a partner's system may have been accessed without authorization. However, Vietnam Airlines confirmed that sensitive information was not compromised.
"Sensitive data such as credit cards, payment information, passwords, itineraries, passports and Lotusmiles account balances of customers are still kept safe and secure," Vietnam Airlines wrote in a letter to customers.
On October 10, approximately 23 million data records were published, including customer information from many major companies. The exposed information related to names, email addresses, phone numbers, dates of birth, and email addresses. The oldest data was from November 23, 2020, and the latest was from June 20, 2025.
According to CyberInsider , this is the first batch of data published after the Scattered LAPSUS$ Hunters hacker group attacked Salesforce of 39 companies since June 2025. Salesforce is a customer relationship management platform used by many large corporations.
The first batch of data released includes six major companies: Qantas Airways, Vietnam Airlines, Albertsons, Gap, FujiFilm and Engie Resources.
Australia's Qantas Airways confirmed that 5.7 million customer records were exposed. Despite a court order restricting the release, the data was made public. According to Have I Been Pwned , the data related to Vietnam Airlines included 7.3 million email accounts, along with information such as names, dates of birth, phone numbers, and membership card numbers.
The data was released on the night of October 10, just hours after the FBI and France's BL2C cybercrime unit seized the personal information trading site BreachForums. However, law enforcement failed to take down the dark web version of the site. The hackers continued to use the dark web and several other portals to spread the data.
Salesforce has denied any platform-level vulnerabilities. The company said the issues were related to customer misconfigurations, third-party integrations, or outdated access tokens. The company said it has not negotiated with or paid the attackers. It is supporting affected customers.
The hacker group remains active via onion sites and Telegram channels. They have pledged to continue releasing data in stages.
According to the group's posts, there may be as many as 40 other companies whose data is about to be exposed. This is one of the largest leaks related to the Salesforce ecosystem, which serves hundreds of thousands of businesses worldwide .
In its announcement, Vietnam Airlines said it is coordinating with authorities, cybersecurity experts and technology partners to investigate, assess the incident, the scope of impact and strengthen data protection measures.
The airline also recommends that customers immediately change their Lotusmiles account password and associated email, be wary of suspicious calls or messages impersonating Vietnam Airlines, not share personal information or OTP codes, and not log in to unauthenticated systems.
Source: https://znews.vn/su-co-lo-du-lieu-cua-vietnam-airlines-nghiem-trong-den-dau-post1593592.html
![[Photo] Ready for the 2025 Fall Fair](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/14/1760456672454_ndo_br_chi-9796-jpg.webp)
Comment (0)