Dark Web News Analysis
Dark web reporting describes a data breach involving the Thanh Hóa FC Forum (forum.thanhhoafc.vn), a community platform for fans of the Vietnamese football club Dong A Thanh Hoa FC. Although the forum is now defunct, a threat actor has leaked a database dating back to November 2019.
The compromised dataset contains 339,364 records. The exposed fields include Usernames, Email Addresses, IP Addresses, and Password Hashes (MD5 with Salt). The breach was reportedly facilitated by exploiting CVE-2019-16759, a critical Remote Code Execution (RCE) vulnerability found in vBulletin forum software, which was widely exploited during that period.
Key Cybersecurity Insights
Breaches of “dead” or archived websites are often underestimated, but they serve as prime fuel for credential stuffing attacks:
- The “Zombie” Data Risk: Users often forget about accounts they created years ago on forums that no longer exist. Because they can’t log in to delete the account or change the password, this “zombie data” remains a permanent vulnerability if they reused that same password on modern banking or social media sites.
- Weak Hashing (MD5): The passwords were hashed using MD5, an algorithm that is now considered cryptographically broken. Even with “salt” (random data combined with the password before hashing), modern GPU clusters can crack hundreds of thousands of MD5 hashes in minutes, converting this leak into a list of plaintext passwords.
- CVE-2019-16759 Exploitation: This specific CVE was a plague on the internet in 2019/2020. It allowed attackers to take over vBulletin forums instantly without authentication. The leak confirms that many administrators failed to patch or properly decommission their sites, leaving user data exposed on abandoned servers.
- Targeting Football Fans: The user base consists of football enthusiasts. Attackers often target this demographic with Gambling/Betting Scams or phishing emails related to “Exclusive Match Tickets,” knowing the victims have a history of engaging with football content.
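An added example, not from the original post: one way an operator could harden a dormant user table that still stores salted MD5, by wrapping each stored digest in PBKDF2 so that accounts which never log in again are covered too. The legacy scheme `md5(salt + password)`, the iteration count, the function names and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def legacy_md5(password, salt):
    """Assumed legacy scheme: hex MD5 over salt || password."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def wrap_legacy_hash(md5_hex, wrap_salt=None):
    """Wrap a stored MD5 digest in PBKDF2-HMAC-SHA256; no plaintext needed."""
    wrap_salt = wrap_salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", md5_hex.encode(), wrap_salt, PBKDF2_ITERATIONS)
    return {"scheme": "pbkdf2-sha256(md5)", "wrap_salt": wrap_salt.hex(), "hash": dk.hex()}


def migrate(rows):
    """Return new rows that keep the legacy salt but drop the raw MD5 digest."""
    return [{"user": r["user"], "salt": r["salt"], **wrap_legacy_hash(r["md5"])} for r in rows]


def verify(password, row):
    """Recompute the legacy digest, then the wrapper, and compare in constant time."""
    inner = legacy_md5(password, row["salt"])
    dk = hashlib.pbkdf2_hmac("sha256", inner.encode(), bytes.fromhex(row["wrap_salt"]), PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), row["hash"])


# Constructed sample rows standing in for a legacy user table.
SALT_A, SALT_B = b"s4lt-A", b"s4lt-B"
LEGACY_ROWS = [
    {"user": "fan01", "salt": SALT_A, "md5": legacy_md5("matchday2019", SALT_A)},
    {"user": "fan02", "salt": SALT_B, "md5": legacy_md5("matchday2019", SALT_B)},
]

if __name__ == "__main__":
    for row in migrate(LEGACY_ROWS):
        print(row["user"], row["scheme"], verify("matchday2019", row))
```

Wrapping only helps a table whose raw MD5 digests have not already leaked; once they are public, as in this dump, the affected users need new passwords.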
Mitigation Strategies
To protect personal security against historical leaks, the following strategies are recommended:
- Password Hygiene: If you ever had an account on forum.thanhhoafc.vn (or any vBulletin forum circa 2019), ensure you are not using that same password on any current accounts today.
- Credential Monitoring: Use services like HaveIBeenPwned or Brinztech’s monitoring tools to see if your email appeared in this specific dump.
- Decommissioning Protocol: For organizations, this is a lesson in “End of Life” management. When shutting down a forum or website, the user database should be securely wiped, not just left offline on a server where it can still be scraped or hacked.
- Email Security: Be skeptical of unsolicited emails regarding football betting or lottery wins, as your email address is now associated with a “Football Fan” tag in underground marketing lists.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com