Anonymous Philippines hacked the COMELEC database, the incident exposed records of more than 55 million voters, it is the biggest gov-related data breach.
A few days ago I reported the news on the availability online of a database containing data of more than 50 million Turkish citizens, now IT security community is discussing another clamorous data breach occurred in the Philippine where a massive data breach have exposed the records of more than 55 million voters. The data breach occurred a few weeks before the national elections in the Philippines, scheduled for 9 May.
A couple of weeks ago, on 27 March 2016, Anonymous Philippines has hacked the Philippines’ Commission on Elections (COMELEC) website, they defaced it, but a second hacker collective, LulzSec Pilipinas has published online the entire database of the COMELEC.
Anonymous Philippines warned COMELEC to improve the security of the vote-counting machines.
In a first time, COMELEC officials downplayed the data breach declaring that no sensitive information was compromised.
“I want to emphasise that the database in our website is accessible to the public,” declared the Comelec spokesperson James Jimene.“There is no sensitive information there. We will be using a different website for the election, especially for results reporting and that one we are protecting very well,” he added.
The archive is full of sensitive data, including personal and passport information and fingerprint data, and unfortunately, not all the records were encrypted.
LulzSec Pilipinas released 16 databases from the Comelec website for a total number of 355 tables.
“Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). ” reported Trend Micro who is investigating the case.
“Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible for everyone. Interestingly, we also found a whopping 15.8 million record of fingerprints and list of peoples running for office since the 2010 elections.”
This is the biggest government-related data breach,it exposed more than double of the number of records exposed in the US government’s Office of Personnel Management (OPM) hack that resulted in 21.5 million people being exposed to an unknown party.
And now …
More than 55 million voters are exposed to the risk of cyber attack. Cyber criminals and state-sponsored hackers can use the information to carry on a wide range of malicious activities, including scams, espionage campaigns and extortion. In previous cases of
“In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC schemes, blackmail or extortion, and much more.” concluded TrendMicro.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.