Facebook user data is being sold publicly in Vietnam.
The phone numbers, email addresses, and locations of millions of Vietnamese Facebook users are being widely offered for sale.
The situation regarding leaked Facebook account information in Vietnam is similar to the case where the data of 50 million Facebook users in the US was sold. "Selling a file of 20,000 new car buyers, guaranteed to be super accurate and high-quality. Guaranteed quality for those selling accessories, car modifications, and insurance..." was the advertisement from a member of a Facebook group specializing in marketing discussions. This person also claimed that "the data is filtered from VIP Facebook groups and only sold to the first 5 people to avoid being 'ruined'."
The sale of user data is nothing new in Vietnam, having been around for several years now, and as Facebook has grown, this "commodity" has become even more common and openly sold. The information offered for sale typically includes the full name, phone number, email address, address, and interests or hobbies of Facebook users.
![]() |
| The situation regarding the leak of Facebook account information in Vietnam is similar to the case where the data of 50 million Facebook users in the US was sold. |
According to Phan Van Hoi, team leader at a media company in Hanoi, "Facebook user data has long ceased to be private." Currently, there are dozens of computer applications created by developers to scan Facebook User IDs (UIDs) and then obtain related information. "For a few hundred thousand to a few million dong per month to purchase these applications, you can filter the private data of Facebook members for any purpose you wish," he said.
A UID is like a national identity card number that Facebook assigns to users, and it's unique in order to accurately identify that person. From the UID, scanning tools can access the database to retrieve the person's full name, phone number, date of birth, gender, address, or public friend list... and then save it to an Excel file.

Similar to UID, there are also Group ID, Fanpage ID, or Post ID... which are identifiers for groups, fanpages, or posts... From these, the software can filter out detailed information about members in the group, data of people who have "liked" that fanpage or "liked" a specific post...
"For example, when scanning members of the Facebook group 'First-Time Pregnant Mothers', the application will return a list of members including their phone numbers, email addresses, etc. From this data, advertisers can target specific audiences through telephone (telesales), email (spam mail), or Facebook ads (custom audience)...", Mr. Hoi explained.
According to Mr. Hoi, before June 2015, Facebook allowed direct advertising using UIDs, meaning advertisers could reach their exact target audience. However, the social network later discontinued this form of advertising, but it is still possible to run ads indirectly through phone numbers or emails (excluding addresses).[email protected]Therefore, with a few conversion tools, user data can be used for marketing and advertising purposes.
These tools can obtain Facebook user information because of vulnerabilities in the social network's operating mechanism and also due to user habits. "Facebook applications often request access to your contacts, friend information, address, education, etc., and most of us agree without carefully checking," shared Duc Hoang, a technology expert. "Once they have access to almost all of your account, what data they take is simply up to the creator of these applications."

According to Hoang, loopholes in Facebook's privacy and security policies have allowed hackers to obtain data, and several other vulnerabilities still exist that hackers can exploit to steal information. "I think if users don't want their information leaked, the only way is to not share anything on Facebook, or share in private mode, and not add anyone as a friend," he said.
The situation regarding the leak of Facebook account information in Vietnam is similar to the case where 50 million Facebook users in the US had their data sold. A Facebook survey application paid 270,000 participants and requested access to certain information such as name, geographical location, gender, pages they "liked," and even their friend list. As a result, 50 million people had their information collected without their knowledge; some didn't even install the application but still became victims because their friends used it.



