VNG 2015 Data Breach

VNG Corporation Zing.vn Vietnamese Tech Platform Breach (2015): Over 163 Million User Accounts With Passwords & Personal Data Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

TechnologyGamingDate of BirthEmail AddressFull NameGenderIP AddressJob InformationPasswordPhone Number
Low SeverityWebsite / service breach

VNG Corporation Zing.vn Vietnamese Tech Platform Breach (2015): Over 163 Million User Accounts With Passwords & Personal Data Exposed

Vietnamese technology company with gaming, payments, cloud, and internet services.

Verified by ObscureIQ Intelligence
34/100Breach Risk Index
10Data Value
25Market Recency
584dSince Breach

Breach Intelligence Summary

Entity: VNG · Actor: Unknown · Sources: 4 references
Attack: Unknown
Profile: Company · Technology and internet services · Digital platform ecosystem · Vietnam
Timeline: Breach (2015-05-19) · Year (2015)
Exposure: 163M records · 11 fields: Date of Birth, Email Address, Full Name, Gender, IP Address, Job Information, Password, Phone Number, Physical Address, Relationship Status, Username
Status: Confirmed

Executive Summary

In May 2015, VNG Corporation’s Zing.vn platform suffered a data breach that exposed over 163 million user accounts (about 25 million unique email addresses). The compromised data included usernames, unsalted MD5 password hashes, emails, phone numbers, names, dates of birth, genders, IP addresses, home addresses, marital statuses, and occupations. The breach became public in April 2018 when the data appeared on hacking forums and was later added to Have I Been Pwned (via dehashed.com); it resurfaced in 2024 within larger leaked-data compilations. No specific threat actor or intrusion vector has been reliably established. (Note: a "passport" field cited in one catalog was not corroborated by HIBP or Vietnamese authorities and is treated as unconfirmed.)

ObscureIQ assessment: High risk due to ecosystem breadth. Exposure enables account takeover, fraud, phishing, and cross-service identity linkage across gaming, media, and communications products.

Breach Impact

The breach exposed credentials (unsalted MD5 password hashes) alongside emails, names, dates of birth, addresses, and other profile data for over 163 million accounts, one of the largest breaches in Vietnamese history. Weak password hashing makes account takeover and credential stuffing highly feasible, and the combination of contact and profile data supports large-scale phishing and identity linkage across VNG’s services and beyond.

About VNG

VNG Corporation is a major Vietnamese technology company (founded 2004) operating a broad internet ecosystem including online gaming, the Zalo messaging platform, ZaloPay digital payments, Zing entertainment/media, and cloud services. Through Zing.vn and related products it maintained tens of millions of user accounts with identity, contact, and credential data.

Why They Hold Your Data

Digital platform ecosystems collect user identity, contact details, gaming records, payment data, messaging activity, and service-linked behavioral data across multiple internet services.

Recent Developments

The 2015 Zing.vn breach became public in April 2018 when the data was found trading on hacking forums, prompting a VNG apology and Vietnamese Ministry of Public Security involvement. The dataset resurfaced in 2024 within larger leaked-record compilations (e.g., on BreachForums). VNG has continued to grow into one of Vietnam’s largest tech firms and a regional gaming and fintech player.

Data Points Exposed

11 verified field types
Date of Birth High
Email Address
Full Name High
Gender
IP Address
Job Information
Password Critical
Phone Number
Physical Address High
Relationship Status
Username

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Credential stuffing and account takeover against reused passwords (unsalted MD5, easily cracked)
  • Identity verification bypass using name + date of birth
  • Large-scale targeted phishing using exposed emails and profiles
  • SIM swap attacks where phone numbers are present
  • Doxxing and profiling from address, occupation, and marital-status data
Threat vectors:
  • Credential stuffing & account takeover
  • Password hash cracking (unsalted MD5)
  • Phishing, credential stuffing & account takeover
  • Identity verification bypass
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Profile enrichment
  • Cross-platform tracking & credential stuffing

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the VNG breach?

In May 2015, VNG Corporation’s Zing.vn platform suffered a data breach that exposed over 163 million user accounts (about 25 million unique email addresses). The compromised data included usernames, unsalted MD5 password hashes, emails, phone numbers, names, dates of birth, genders, IP addresses,…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Gender, IP Address, Job Information, Password, Phone Number, Physical Address, Relationship Status, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
BreachForums_Official_Index
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation