Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of a 10GB database belonging to Haravan, a major Vietnamese omnichannel commerce platform. The dataset reportedly contains over 5.3 million records.
This claim, if true, represents a critical supply chain breach impacting the Vietnamese e-commerce ecosystem. My analysis confirms Haravan is a leading technology solution provider in Vietnam (comparable to Shopify), powering thousands of businesses and retailers. A breach here is not just a loss for a single company; it compromises every merchant and end-customer using the platform.
This incident fits into the catastrophic, systemic data breach crisis currently overwhelming Vietnam in late 2025. It follows:
- September 2025: The massive 160 million-record breach of the National Credit Information Center (CIC).
- October 2025: The 23 million-record breach of Vietnam Airlines.
- The “Appsim” Leak: A 10 million-record breach of a SIM platform reported just days prior.
The leaked Haravan data, which includes email addresses, phone numbers, full names, dates of birth, and gender, is being offered for a “one-time sale.” This exclusivity often indicates the data is fresh and has not yet been widely circulated, increasing its value for targeted fraud and credential stuffing.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- SaaS Platform Vulnerability (Supply Chain): The compromise of an omnichannel SaaS provider like Haravan highlights a critical supply chain risk. A breach in such a central platform cascades down to the thousands of small and medium businesses (SMBs) that rely on Haravan for their security.
- Significant PII Exposure: The breach of over 5.3 million records containing sensitive PII (emails, phones, full names, DOB, gender) presents a high risk for identity theft, fraud, and sophisticated social engineering attacks against Vietnamese consumers.
- Increased Attack Surface for Credential Stuffing: The exposed email addresses create a rich dataset for credential stuffing attacks. Since users often reuse passwords between shopping accounts and other services, this leak puts unrelated accounts at risk.
- Immediate Monetization: The listing of the database for a “one-time sale” on a dark web forum indicates threat actors are actively seeking to monetize the stolen data quickly, likely before the vendor can force password resets.
Mitigation Strategies
In response to this claim, Haravan and all merchants using the platform must take immediate action:
- Review Third-Party Risk Management: Merchants utilizing SaaS platforms like Haravan must activate their third-party risk assessment protocols. They should assume their customer data hosted on the platform is compromised and prepare for customer inquiries.
- Proactive Customer Notification: Haravan should promptly and transparently inform all potentially affected merchants and end-users about the data breach, advising them to change passwords and be vigilant against phishing.
- Immediate Forensic Analysis: Conduct a comprehensive forensic investigation to confirm the breach, identify the root cause, and determine if the attacker still maintains access to the SaaS backend.
- Enforce Multi-Factor Authentication (MFA): Haravan must enforce mandatory MFA for all merchant accounts to prevent account takeovers that build on the leaked data, such as credential stuffing against the exposed email addresses.