164 Million Zing Records Exposed: Personal Data Protection

164 Million Zing Records Exposed: Personal Data Protection


On January 23, 2024, Forbes reported the largest data breach in history, with 26 billion personal profiles leaked from online platforms. Among them, 164 million profiles belonged to Zing users, a leading media and entertainment platform in Vietnam.

This breach not only jeopardizes users' privacy and safety, but also has an impact on related businesses, as hackers could exploit this data for cyberattacks, fraud, or identity theft.

In light of this situation, businesses and users need timely and effective personal data protection measures. R Digital is a company specializing in data security and privacy solutions, with years of experience and reputation in this field. In the article below, we'll look deeper into this massive data breach and how to protect your personal information from network threats using R Digital technology.  

og 164 million zing records exposed personal data protection

1. Zing Among the Top Platforms with the Most Data Leaks

Zing.vn, managed by VNG, offers a variety of online services like games, payment solutions, and entertainment info. It includes Zalo messaging, Zing MP3 for music, Zing Me social network, ZNews for electronic magazines, and more. 

Zing currently boasts tens of millions of users, dominating a significant portion of the media market in Vietnam (with Zalo and Zing MP3 alone having 75 million and 28 million active users, respectively, as of 2023).  

According to Cyber News' report, Zing has 164 million user profiles in the largest-scale data breach in internet history, known as the Mother of all Breaches (MOAB). The exposed information includes personal details such as email addresses, passwords, phone numbers, birthdates, and addresses. Zing ranks as the 13th most affected platform, specifically:

zing among the top platforms with the most data leaks

According to VNG representatives, the leaked data from Zing dates back to the incident in 2018 when a hacker posted information about 163 million Zing ID accounts on Raidforums. These accounts are related to gaming profiles and not user data. VNG stated that they have assisted customers in transitioning to a new login system with higher security and have not recorded any incidents related to this issue. However, security researchers still warn that the leaked data could be exploited by malicious actors for fraudulent activities, identity theft, or unauthorized access to users' social media accounts. 

2. Unpredictable Dangers from Personal Data Leakage

unpredictable dangers from personal data leakage

For Internet users 

Personal data is sensitive and important information, relating to the identity, preferences, behavior, finance, health… of users. When this data is leaked, users may lose control and protection of their information, and face many risks and damages such as: 

  • Unauthorized login: If you reuse usernames, email and passwords for multiple accounts, hackers can use the login information they get from one account to access other accounts. 
  • Loss of reputation and credibility: Hackers can exploit your social media accounts to deceive your friends, relatives and contacts, affecting your honor and reputation. 
  • Financial fraud: Hackers can use the leaked data to take over bank accounts and credit cards, or make illegal transactions. 

For businesses

Not protecting or leaking user data can expose businesses to these risks:

  • Heavy fines under data protection and privacy laws, such as GDPR, CCPA, CCPA, etc. Fines can reach millions of dollars or a percentage of annual revenue. 
  • Loss of trust and confidence from customers, partners and shareholders. User dissatisfaction can erode trust and loyalty towards the business, leading to decreased sales, profits, and market value.
  • Attacked by hackers, cybercriminals and harmful third parties, they can exploit and steal sensitive, secret, or strategic information to extort or damage the business.

3. Protect Personal Data With R Digital’s Technology Solutions

In light of the Zing data breach, users across all platforms are advised to utilize Cybernews' free checker to determine if their accounts have been compromised. Subsequently, change the login passwords for all your accounts immediately. To avoid credential stuffing attacks, opt for strong and non-repetitive passwords.

Furthermore, refrain from sharing personal information unless absolutely necessary. In the long run, prioritize using online services provided by businesses that have implemented personal data protection measures and respect your privacy.

As an organization or business, you must conduct a self-check to assess whether your website and application are at risk of leaking user personal data. Then, take measures to address and rectify the issue promptly. You can check now by entering your website or a competitor's address at:https://privacyscanner.aesirx.io/.

protect personal data with r digitals technology solutions

R Digital offers a Privacy Review service that can help businesses detect privacy violations, provide appropriate and detailed strategies for regulatory compliance and protect users’ personal data. 

For only $2,495 USD, this service includes the following:

1. Assessment of your entire system/website, as well as data collection, storage, sharing, and usage methods.

2. Focuses on analyzing and ensuring compliance with industry standards and legal regulations.

3. Detailed and comprehensive reports, proposing innovative strategies.

4. Offers complete personal data protection solutions, included within our service, to enhance management and marketing effectiveness. Leading solutions include:

  • AesirX Analytics: A privacy-focused website analytics solution (no cookies or third-party data).
  • AesirX Business Intelligence (BI): Offers detailed insights to understand customers and optimize business performance while adhering to privacy regulations.
  • AesirX Shield of Privacy: Protects privacy with Consent Management features, giving users full control over their data.
  • AesirX First-Party Server: Safely storing and processing data to ensure the security of users' personal information. 

5. Post-service care, including automatically scanning and checking your system/website weekly to identify areas for change or improvement. The goal is to ensure regulatory compliance while meeting the growing needs of the market. 

Personal data protection is not only the responsibility of individuals but also of businesses. Contact R Digital for assistance, or learn more about our solutions on our website.

Have the same challenge?