Vietnam Airlines Data Breach

https://haveibeenpwned.com/Breach/VietnamAirlines
42•pbd•3h ago

Comments

naedish•2h ago
Haven't heard a word from Vietnam Airlines - my whole family are members. Interesting to see how a Vietnamese organisation handles this type of incident.
nerdponx•14m ago
Does the Vietnamese government have any interest in cases like this? Or are things pretty laissez-faire over there despite the nominal socialism?
zkmon•2h ago
Trying to understand what's the real damage here. Dates of birth, Email addresses, Loyalty program details, Names, Phone numbers - how is one going to use this data to cause a loss to the data owner? If any security check depends on this data by considering it as a secret, then I guess it's the fault of that security check.
brightbeige•2h ago
https://security.stackexchange.com/a/95070

https://en.wikipedia.org/wiki/Phishing#Spear_phishing

zkmon•2h ago
As I mentioned, the real issue is around considering this data as a secret.
nerdponx•17m ago
Phishing and persecution are real things that happen and can be greatly facilitated by personal details like this.
zkmon•9m ago
Just to clarify to the downvoters: I meant "Secret" as in password, not as in "private data". It is private data, but it shouldn't be used as a secret to pass some security check.
flotzam•2h ago
It's inherently a loss of privacy that anyone (given that the dataset is now public) can correlate

> Dates of birth, Email addresses, Loyalty program details, Names, Phone numbers

zenmac•1h ago
>In October 2025, data stolen from the Salesforce....

Seems like a Salesforce leak. Not to single out Salesforce here. Could easily be fill in the ____ big corp. When are people going to get that there is no absolute digital security? And at the current state, it is much more secure to NOT have all the data aggregated in one place. Of course this would go against the data mining operation. We should look at this from a perspective that benefits the user in the long term.

Server/relay should be a very thin layer NOT storing any identifiable info about the user except for public keys. All other info should be stored locally where ONLY the user has access to them.

Thorrez•14m ago
I don't think Salesforce itself was hacked. It says "data stolen from the Salesforce instances of multiple companies".

HIBP links to [1], which links to [2], which says

>The FBI last week warned airlines in the US that the group was targeting the aviation sector. In a post on X, the FBI said the group uses social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access, and bypassing multi-factor authentication.

So it sounds like phishing attacks against the individual airlines. It sounds pretty much the same as [3], which goes into detail of the exact mechanism that phishers can use to steal Salesforce data. It does sound like it is a little bit Salesforce's fault, because Salesforce's UI makes it really easy to grant an attacker access to your database without realizing it. Salesforce needs to improve the permission granting UI so that it's clearer what is going on.

[1] https://www.theguardian.com/business/2025/oct/11/hackers-lea...

[2] https://www.theguardian.com/business/2025/jul/02/qantas-conf...

[3] https://cloud.google.com/blog/topics/threat-intelligence/voi...

tom1337•2h ago
At this point one should just assume all their data is already public once they entered it into any platform...
notahacker•2h ago
Can't think of an airline I'd be less surprised to hear this about.

Vietnam Airlines once somehow managed to email me the boarding pass of another person due to fly with them the following day. I'd provided an email address to their sales agent when booking a flight on a different route some nine years earlier (back in the good old days of 2009 when they didn't have newfangled stuff like online booking), and didn't even have a remotely similar name to the individual whose boarding pass they'd sent me. I hope they didn't miss their flight! (yes, I emailed back, copying in some customer service addresses that definitely weren't no-reply...)

I'm not an expert in airline PSS systems, but I know one thing - that isn't supposed to happen :)

greatgib•2h ago
Testing some emails in haveibeenpwned I realized something terrible about these leaks.

In isolation, ok, you have just your personal data like birthdate, name, phone number leaked just based on an email.

But now that there were so many leaks, just taking a single email, you can easily map an important part of the profile of a person. Give me an email, I now have:

- All identification details, sometimes scanned ID documents
- LinkedIn details about the professional details of a person, which company when, ...
- Even without the clear official address, you can have an average estimation of where the person lives by looking at the countries or location of breached companies.
- I can see with leaks of big and small retailers like Costco where the person is doing his shopping. Sometimes it can be worse for specialized retailers, like knowing that you might be vegetarian, or like buying electronic products.
- With telecom provider breaches, you know the internet and mobile provider of a person, you can also discover that the person has multiple phone and mobile lines.
- With leaks of forums and so, you can see if a user is into specific topics.
- With things like leaks of airline providers like that, you can know if the person is a frequent flyer, might be a frequent visitor of some countries or area of the world as companies are often highly linked with their HQ country base.
- You might also know that a person is frequently living in another place/country than their official residence ...

derwiki•24m ago
Makes me feel OK about my strategy to use a different email for every sign up
8cvor6j844qw_d6•1h ago
Using an email alias per account helps avoid tying your details across websites; it works pretty well as long as a phone number is not associated with said account.

Also helps in tracking misbehaving websites that sell/leak your emails or subject your email to excessive spam. I recall Stack Social is one of the worst offenders.

mustaphah•1h ago
I've never been able to unsubscribe from their shitty emails - which I never subscribed to. I only signed up for a flight.

And now, my data is open-source ಠ_ಠ

TheDong•44s ago
I think technically the CAN-SPAM act applies to an international company with any US customers, but in practice no company primarily in another country cares about that US law.
andrewinardeer•1h ago
Qantas got caught up too.

For those that don't know, Qantas stands for Queensland and Northern Territory Airline Service.
