Vietnam’s Ministry of Public Security’s cybersecurity division has launched an investigation into the newly-revealed data leak, which exposed over 17 GB worth of identifying personal information.
The information leak was originally exposed in a since-deleted forum post on RaidForums by an account named Ox1337x, who allegedly revealed the possession of a large amount of Know You Customer (KYC) data from users of the Pi Network.
The account claimed to have access to documents such as Vietnamese identity card information with faces, addresses, phone numbers and emails. The account put the information up for sale for $9,000, asking for payment to be made through cryptocurrencies bitcoin or litecoin.
“To perform KYC verification on Pi Network, Vietnamese would need to use their passports. Only some users who used earlier versions of Pi could perform KYC verification using their driver licenses, but so far the system has yet to accept Vietnamese identity cards,” Phien Vo, a moderator of the Vietnamese Pi Network group chat channel, told VnExpress.
Vo maintains that it is not completely accurate to blame the leak on the Pi Network, as the platform processes its KYC data through a third-party system known as Yoti, a biometric consumer application that studies the consumption and use of digital identification. Vo adds that while Yoti accepts identity cards from 62 countries and territories, that list does not include Vietnam.
During an earlier version of the Yoti app, it did accept these forms of identity cards, according to reports.
Vietnam had been making strides against cybercrime after 2020 saw an increase in cyberattacks across some of its economic sectors. Millions of Facebook users in Vietnam had also been exposed after 3 GB worth of scrapped data was found on a cloud-based server.
Since then, the Vietnamese government has been working towards establishing a more digital presence and economy. Earlier this year, the IDs of more than 300,000 Vietnamese were leaked on RaidForums, this time from a different anonymous account.