Three Vietnamese firms involved in the petroleum industry and infrastructure may first be learning that some of their files are being given away freely on BreachForums.
Forum user Kernelware posted a listing early Tuesday, identifying the firms as PetroVietnam, Long Son Petrochemicals, and POSCO Engineering & Construction.
Kernelware’s post also notes, “…these are just the main 3, but there are also a few smaller miscellaneous companies that are included in the leak.”
According to Kernelware, the leak includes:
– Tons of schematics for various infrastructure
– Tons of piping schematics
– Business registration documents
– Employee information
– Contract agreement documents
It’s unclear from the sample of files whether it was just one company’s server that was involved or if it was more than one. Inspection of the files revealed that some files were stamped with all three entities’ names from a project in which they were all involved.
When asked, Kernelware declined to explain how they accessed the data but did tell DataBreaches they had not made an attempt to contact the firms or seek any payment or ransom.
“I’m not interested in blackmailing any money from them nor selling it on BF. I’m leaking it for free,” Kernelware told this site.
DataBreaches sent an email inquiry to PetroVietnam asking about the claimed breach, but no reply was immediately available. This post will be updated if a reply is received.
Other Leaks by Kernelware
Since joining BreachForums in August of 2022, Kernelware has been a regular contributor, offering free tutorials to help others, free data leaks, and occasional databases for sale.
The bank quickly denied any compromise of their system, and it later emerged that the leaked data belonged to HDB Financial Services, a non-banking financial company that is a subsidiary of HDFC Bank. Kernelware acknowledged their error in a subsequent edit, “The leak is actually from a HDFC subsidiary called HDB Financial Services. My mistake.”
Days later, Kernelware again made headlines, this time by leaking 21 GB of data from Swiss technology firm Acronis. Acronis rushed to get control over the story, issuing a post on LinkedIn that stated that their investigation so far indicated that the credentials used by a single specific customer to upload diagnostic data to Acronis support had been compromised and no other system or credential had been affected. “There is no evidence of any other successful attack, nor there is any data in the leak that is not in the folder of that one customer,” CEO Kevin Reed wrote.
While Acronis may have been in a bit of an incident response sweat, Kernelware amused the forum regulars by writing, “In all honesty, the leak is minor and it isn’t really interesting. But hey, a breach is a breach….. I was bored so I just decided to humiliate the fuck out of them. Simple as that.”
But in what should result in some entities breathing a small sigh of relief, Kernelware’s newest posting ends with a note: “Also, I’ll be taking a short break from my mass leaking spree. I got exams coming up ”