GCash: Accounts safe; still no proof of hacking

PROBE STILL ONGOING A cybersecurity group claimed last week that around 200,000 data subjects were affected by the alleged data breach although GCash said it had yet to find any evidence its system was hacked. —INQUIRER FILE PHOTO

PROBE STILL ONGOING A cybersecurity group claimed last week that around 200,000 data subjects were affected by the alleged data breach although GCash said it had yet to find any evidence its system was hacked. —Inquirer file photo

MANILA, Philippines — The probe of the alleged data breach against popular e-wallet GCash continues to take place as cybersecurity group Deep Web Konek claimed that the amount of potentially compromised data might be even bigger than previously reported.

The Ayala-led company said on Monday that no indication of hacking had been found yet, adding that accounts of GCash users have remained safe.

Last week, Deep Web Konek reported that a cybersecurity attack was launched by threat actor KryptonZombie against the know-your-customer (KYC) system of GCash.

READ: NBI arrests media outlet’s data officer, 2 others for hacking gov’t websites

KYC is the process of verifying the account user’s identity as a way to mitigate fraud, money laundering and other cybersecurity risks for financial institutions. This requires users to submit personal data like valid IDs and digital signatures, making the system an attractive target for hackers.

The group said that some 200,000 data subjects linked to GCash KYC system were potentially affected.

But it later claimed that the cyberattack was “much bigger” and the number of compromised data subjects could actually be in the “millions.”

Sensitive documents

“[Our] team has new findings and found out that more sensitive documents are exposed,” it noted.

These included statements of accounts from several banks, national IDs, government employee IDs, company IDs and pay slips.

Deep Web Konek stressed that the “breach highlights the urgent need for robust security measures to protect user data.”

GCash said it was working with regulators and authorities in investigating the matter.

This was not the first time it dealt with a cybersecurity issue. Just last year, the e-wallet received numerous complaints over unauthorized deductions in its users’ account balances, which it was able to restore eventually.

GCash explained that no hacking was involved. Instead, it explained there were deliberate phishing attempts, a fraudulent activity whereby hackers trick victims into providing their personal information, such as contact details. Getting ahold of this information can allow hackers to take over one’s account.

Safety feature

In response, GCash fully rolled out “DoubleSafe” Face ID feature, which is activated for every first login to a new device by the user. It is backed by facial recognition, which prevents hackers from accessing the account despite tricking users into giving their mobile PIN (MPIN) and one-time PIN (OTP).

It also inked an information-sharing pact with the National Bureau of Investigation in January to strengthen initiatives against cybercriminals, formalizing their already ongoing cooperation.

GCash, on its part, monitors potential suspicious activities in its platform, which will then be reported to the NBI for further investigation.

Read more...