Data breach (unresolved)

Vietnam 30-million student records sale

A hacker using the alias 'meli0das' put the records of more than 30 million Vietnamese students and staff up for sale on a hacking forum for $3,500 in Monero, allegedly sourced from a major education platform.

Victim: Vietnamese students (education platform data)
Records: 30.0M
Users: 30.0M
Sector: Education
Threat actor: meli0das
Named attackers: meli0das

In July 2022, a threat actor using the alias 'meli0das' advertised a database of more than 30 million Vietnamese students, teachers and education staff for sale on an underground hacking forum. Priced at $3,500 in Monero, the trove — if genuine at full scale — would rank among the largest breaches in Vietnam's history, touching roughly one-third of the country's population.

What happened

The seller, who had registered on the forum in June 2022, claimed to have obtained the records from a major Vietnamese education platform or website. They asserted the data had "never been leaked" before and offered proof samples only to buyers who could demonstrate sufficient funds.

To establish credibility, meli0das published a sample of around 70 records — most of them belonging to teachers — which researchers reviewed and found consistent with genuine education-system data.

What was exposed

According to the listing and the published sample, each record contained:

  • Full names
  • Email addresses and contact details
  • Dates of birth
  • Students' grades / academic results
  • School name and location

The same actor separately offered a smaller set of 360,000 student records from another educational institution, suggesting access to multiple sources rather than a single isolated breach.

Payment and motive

The asking price of $3,500 had to be paid in Monero (XMR), a privacy-focused cryptocurrency favored by criminals because its transactions are far harder to trace than Bitcoin's. The motive was straightforwardly financial — the data was offered for sale, not used for extortion or leaked freely.

Why it matters

The incident landed amid a wave of large-scale Vietnamese data leaks that prompted national concern. Education datasets are especially sensitive because they concern minors and combine identity details with contact information — ideal raw material for phishing, fraud and targeted scams against families.

Coming after VNG's Zing ID exposure and other mass leaks, the 30-million-record student sale reinforced a recurring warning from security researchers: that Vietnam faces a structural data-leakage problem, with vast citizen and student datasets poorly secured and repeatedly surfacing on criminal markets. It added urgency to enforcement of Vietnam's emerging Personal Data Protection Decree and to demands for stronger safeguards around government and education systems. The breach was never publicly attributed to a known actor or fully remediated.

Timeline

  1. An account named 'meli0das' registers on an underground hacking forum.

  2. The actor advertises over 30 million records from a Vietnamese education platform for $3,500 in Monero.

  3. To prove authenticity, the seller publishes a sample of about 70 records, mostly teachers.

  4. The sale is publicly reported; researchers warn it could be one of the largest breaches in Vietnam's history.

  5. The same actor offers a separate set of 360,000 student records from another institution.

Sources

  1. izoologic.com: https://izoologic.com/2022/07/14/over-30m-of-school-records-in-vietnam-gets-sold-by-a-hacker
  2. e.vnexpress.net: https://e.vnexpress.net/news/news/vietnam-has-a-big-data-leak-problem-4501707.html
  3. cyberlands.io: https://www.cyberlands.io/topsecuritybreachesvietnam
  4. cybernews.com: https://cybernews.com/security/vietnam-data-breach-exposes-entire-population/

Related incidents

Data breach (resolved)

TaiLieu data breach (2019)

In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes.

Victim: TaiLieu
Records: 7.3M