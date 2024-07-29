An actor going by the handle BitBanish has claimed that he has put the subscriber data of streaming service Vivamax up for sale on an international hacking forum last Friday, July 26.

Vivamax, a subsidiary of Viva Communications, is an extremely popular video-on-demand Internet streaming service also known for risque content in its video catalogue. Launched in early 2021, it boasts of an international audience and has grown to 11 million subscribers in just three years.

Based on the hacking forum post by BitBanish, the data being sold consists of over 2.08 gigabytes of JSON (JavaScript Object Notation) formatted content with over 6.8 million lines of member/subscriber data, with an additional 1 gigabyte of subscriber transaction data that has multiple transaction rows per line.

Screenshot courtesy of Deep Web Konek

These include full names, phone numbers, email addresses, countries of registration, account creation dates, subscription IDs, subscription start and end time, subscription types (Google Pay, Huawei Pay, credit card, Apple Pay, PayMaya, Gcash, etc) for the subscriber data.

BitBanish claims that the data was obtained via API scraping authenticated with administrator privileges.

Screenshot courtesy of Deep Web Konek



Screenshots of samples obtained by Deep Web Konek, a cybersecurity advocacy organization that was one of the first groups to make the public aware of the breach, show that the subscriber data may be comprised of multiple lines per subscriber entry.

If the sample screenshot format matches that of the main JSON file data set, it could mean that there is a significantly lower number of victims for the portion of the subscriber database that was scraped, possibly in the hundreds of thousands instead of millions.

If, however, the sample data JSON was reformatted to multiple lines to make it easier for humans to read and that there was actually one entry per line in the main dataset, this means there really might be over 6.8 million victims in the breach.

Media statement – Data breach incident affecting Vivamax user data#Vivamax pic.twitter.com/NgHi0MIKNV — Vivamax (@VivamaxPH) July 27, 2024

Vivamax released a statement on Saturday, July 27, that they would like to assure the public that they were taking the matter very seriously and that they are exhausting all means to investigate and verify the breach and its possible scope.

The company also stated that they had implemented appropriate protocols to secure their system and further protect data against unauthorized access while conducting their investigation.

In the wake of this, potential victims are advised to take the following precautions: