Pierluigi Paganini April 07, 2016

Anonymous Philippines hacked the COMELEC database, the incident exposed records of more than 55 million voters, it is the biggest gov-related data breach.

A few days ago I reported the news on the availability online of a database containing data of more than 50 million Turkish citizens, now IT security community is discussing another clamorous data breach occurred in the Philippine where a massive data breach have exposed the records of more than 55 million voters. The data breach occurred a few weeks before the national elections in the Philippines, scheduled for 9 May.

A couple of weeks ago, on 27 March 2016, Anonymous Philippines has hacked the Philippines’ Commission on Elections (COMELEC) website, they defaced it, but a second hacker collective, LulzSec Pilipinas has published online the entire database of the COMELEC.

Anonymous Philippines warned COMELEC to improve the security of the vote-counting machines.

In a first time, COMELEC officials downplayed the data breach declaring that no sensitive information was compromised.

“I want to emphasise that the database in our website is accessible to the public,” declared the Comelec spokesperson James Jimene.“There is no sensitive information there. We will be using a different website for the election, especially for results reporting and that one we are protecting very well,” he added.

The archive is full of sensitive data, including personal and passport information and fingerprint data, and unfortunately, not all the records were encrypted.

LulzSec Pilipinas released 16 databases from the Comelec website for a total number of 355 tables.

“Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). ” reported Trend Micro who is investigating the case.

“Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible for everyone. Interestingly, we also found a whopping 15.8 million record of fingerprints and list of peoples running for office since the 2010 elections.”

This is the biggest government-related data breach,it exposed more than double of the number of records exposed in the US government’s Office of Personnel Management (OPM) hack that resulted in 21.5 million people being exposed to an unknown party.

And now …

More than 55 million voters are exposed to the risk of cyber attack. Cyber criminals and state-sponsored hackers  can use the information to carry on a wide range of malicious activities, including scams, espionage campaigns and extortion.  In previous cases of

“In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC schemes, blackmail or extortion, and much more.” concluded TrendMicro.

Pierluigi Paganini

(Security Affairs – Anonymous Philippines, hacktivism)

[adrotate banner=”5″]

[adrotate banner=”13″]