ChungHwa Telecom, the largest telecommunications operator in Taiwan with its official website cht.com.tw, faces the risk of Account Takeover (ATO).

According to the detection by THUD TECHNOLOGY PTE. LTD. (darkweb.vc), tens of thousands of users have been impacted, potentially exposing them to risks such as privacy breaches, phone bill leaks, and fraud. When attackers successfully execute an ATO attack, they can gain access to the users' entire registration and private information stored on the cht.com.tw website. Furthermore, they can perform unauthorized operations within the scope of the account's permissions, such as making changes to service subscriptions, accessing call records, and even engaging in fraudulent activities. The impact on these users is significant.

We recommend notifying the website's members of the leaked login credentials through 'Dark Web Reports', urging them to promptly update their credentials. Regardless of whether 2FA is implemented, securing leaked accounts by locking them and resetting login credentials is a robust security measure. Additionally, it’s advisable to alert affected users to change their passwords immediately. DarkWeb.vc offers highly cost-effective intelligence on login credential leaks to enterprises.