Facebook user data sold publicly in Vietnam

The reality of Facebook account information disclosure in Vietnam is similar to the case of 50 million Facebook users in the US having their data sold. "Selling files of 20,000 new car buyers, guaranteed super standard, super quality. Guaranteed quality for those who sell accessories, car tuning, insurance business"... is the announcement of a member in a Facebook group specializing in discussing marketing. This person also confirmed that "data is filtered from VIP Facebook groups and only sold to the first 5 people to avoid being 'broken'".

Offers to sell user data have been around for a few years in Vietnam, and as Facebook has grown, this “item” has become more popular and is being sold openly. The information offered for sale often includes full name, phone number, email, location, and interests or hobbies of Facebook users.

The situation of Facebook account information being leaked in Vietnam is similar to the case of 50 million Facebook users in the US having their data sold.

According to Mr. Phan Van Hoi, team leader of a media company in Hanoi, "Facebook user data has long been no longer private." Currently, there are dozens of computer applications created by developers to scan Facebook User IDs (UIDs) and then retrieve related information. "With an amount of money ranging from several hundred thousand to several million per month to buy the above application, you can filter the private data of Facebook members for any purpose," he said.

UID is likened to the ID card number that Facebook issues to users and it is unique to accurately identify that person. From UID, scanning tools allow access to the data warehouse to get the full name, phone number, date of birth, gender, residence or public friend list of that person... then can be saved with an Excel file.

Similar to UID, there are also Group ID, Fanpage ID or Post ID... which are identification numbers of groups, fanpages or posts... From there, the software can filter out detailed information of group members, data of people who "liked" that fanpage or "liked" certain posts...

"For example, when scanning members in the Facebook group 'First-time pregnant mothers', the application will return a list of members with phone numbers, emails... From this data, advertisers can accurately market to the target audience through phone (telesale), email (spam mail) or Facebook advertising (custom audience)...", said Mr. Hoi.

According to Mr. Hoi, before June 2015, Facebook allowed direct advertising with UID, meaning advertisers could reach the exact audience they wanted. However, later, this social network stopped this form of advertising, but it was still possible to run indirect advertising through phone numbers or emails (except for addresses).[email protected]). Therefore, with some conversion tools, user data can be used for marketing and advertising purposes.

The above tools can get Facebook user information because the operating mechanism of this social network is still flawed and also because of the user's habits. "Applications on Facebook often require you to grant access to contacts, friends' information, addresses, education... but most of us click agree but do not read carefully," said Duc Hoang, an expert in the technology field. "After having access to almost the entire account, what data to get is just the whim of the creator of the above applications."

According to Mr. Hoang, loopholes in Facebook's privacy and security policies have helped hackers get their hands on data, and there are still other loopholes that hackers can exploit to get information. "I think if you don't want your information to be exposed, the only way for users is to not share anything on Facebook or share it in private mode, and not make friends with anyone," he said.

The situation of Facebook account information disclosure in Vietnam is similar to the case of 50 million Facebook users in the US having their data sold. A survey application on Facebook paid 270,000 participants and requested access to some information such as name, geographic location, gender, pages they "liked" and their friend list. As a result, 50 million people had their information collected without their knowledge, even though they did not directly install the application but still became victims because their friends used it.