Vianet‘s security was breached and more than 170 k customers data was exposed. The hacker who goes by the name नरपिचास @paapi_kto_mah , posted a link in his twitter handle. Vianets’ breach was second attack among the nepal’s top ISP’s. first line was Subisu. The data dump link is hosted in onion network which is accessible by ToR browser.
The Leak was first posted in twitter handle 1 pm April 7th 2020. Vianet is currently investigating the issue and fixing the security loops. The data that was posted in the twitter handle is said to be legit customer data. 170000 Data can be downloaded easily if you have the right tools.
If you look at the dates carefully, Foodmandu was hacked exact 1 month before this cyber attack. Looking at the dates we can confirm that the hack was planned a month before. The hacker seems to be follower of @mr_mugger who hacked foodmandu one month back. In his tweet he wrote ” डाटाका भोगी मानवहरु, लौ मोज गर: ” which translates to “Enjoy Data Lovers “. In his latest tweets he wrote ” एक लाख सत्तरी हजार पाँच सय भन्दा बडी डाटा लिक भाछ, र कोसैलाई बाल छैन । यो पो होर देश भनेको । ” . This was a sarcastic comment to Nepal’s situation in data privacy and security. Foodmandu was hacked a month ago and no one cared about the data that was breached. it also hit hard on how irresponsible the tech industries in Nepal that do not to care about their customers data.
Here is the dumped link : http://xpeg3wb2nztefnx5otdigjzczzmgn3ayy2cgrt722qnwmdkn5k6cgvid.onion/
Vianet Communications has made an official statement about the hack, their response to it. They also have highlighted the security risk to their customers.