Menu
Browse

Cyber Threat Actor: Erwincho

Actor Type Location Known Incidents
 Icon
Hacker
Russia
1 incident
Profile

Erwincho is the alias used by a threat actor who has been linked to a data disclosure incident involving Mobile World, a Vietnamese retailer. The actor’s location has been indicated as Russia in available reporting, though no further personal details are publicly confirmed. The activity came to light on November 6 2018 when Erwincho shared files on the hacking forum RaidForums that allegedly contained customer information from Mobile World.

The disclosed data included more than 5.4 million email addresses and 31,000 bank card numbers, with some entries later updated to show full 16‑digit card details. Customers verified that the leaked card numbers corresponded to purchases they had made at Mobile World stores, lending credibility to the claim that the data originated from the retailer’s transactions. Mobile World responded by denying a direct breach, stating that it does not store payment card information because card data is processed by third‑party point‑of‑sale terminals and online payment processors. The incident coincided with a noticeable drop in Mobile World’s market capitalization, reported as a loss of approximately VND650 billion (about USD 28.2 million) following the public revelation.

In addition to the customer data, Erwincho posted a file containing 61,000 email addresses purported to belong to Mobile World staff, using the format [email protected]. The actor also shared details about the locations of transactions that occurred between June 29 and July 18 2017, suggesting a temporal focus on a specific window of activity. All of the disclosed material was disseminated via RaidForums, with no mention of malware, specific intrusion tools, or particular initial‑access vectors in the available sources. No public attribution to a state sponsor, criminal consortium, or broader campaign has been established for Erwincho beyond this single reported incident.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source