Philippine Senate email domain, security documents for sale on the dark web, warns data analyst

October 9, 2023 - 2:20 PM

A data analyst warned the public about government emails and national security documents spotted on the “dark web.”

Dominic Ligot, a board member of the Philippine Center for Investigative Journalism (PCIJ), uploaded screenshots of this supposed leaked data on his X account on Sunday, October 8.

Ligot described the dark web as a “thriving black market” for personal information, including email addresses and passwords.

“Just be aware that there is a thriving black market on leaked data on the dark web and social networks. Used for identity theft, financial crime, blackmail, and more. In these two recent screenshots, NICA [National Intelligence Coordinating Agency] documents and .gov emails with passwords are for sale,” the researcher posted.

These screenshots came from the Facebook page Deep Web Konek (DWK), a group dedicated to reporting activities in the dark web.

On October 4, in two separate posts, the DWK said there were supposed data breaches in NICA and the Senate of the Philippines’ official email address.

In the post on NICA, the group said that 500 megabytes of “leaked documents” from the NICA database were posted in a “hacker forum” last March.

Documents containing “confidential and secret information” were allegedly being sold starting at $500 (P28,400).

Details of the files posted in the supposed hacker forum were listed in the DWK’s post.

In the other Facebook post, the DWK mentioned the Philippine Senate’s email domain as among the affected domains of an “unauthorized mail access sale.”

The selling price of government organizations’ email domains supposedly starts at $300 (P17,000).

“An unauthorized mail access sale was detected. The access allegedly belongs to governmental organizations that operate in multiple countries and is being sold in a certain forum, in a report of Socradar,” the group said in the post.

According to the DWK, the affected domains belong to multiple governments including Nigeria, Kenya, the Philippines, Lebanon, Laos and Brazil.

Update on the latest cyber attack

Neither NICA nor the Senate has issued a statement about the alleged data breach in their systems.

PhilHealth, meanwhile, advised its members and employees to change their account passwords, enable multi-factor authentication and take other precautionary measures following the Medusa ransomware attack last September 22.


PhilHealth chief Emmanuel R. Ledesma Jr. said this in a statement uploaded on the state insurer’s social media accounts on Sunday, October 8.

“Using the stolen data, the hackers will likely target members through calls, emails, or text messages. Let us then heed the advice of authorities to refrain from clicking doubtful links or providing passwords or OTPs. It is best to ignore suspicious calls, and to delete text or emails instead from unknown and suspicious senders,” Ledesma said.

Prior to this, the agency assured members that the servers containing members’ private information were not affected by the incident.

PhilHealth’s “application servers and employees’ workstations” were the “compromised” ones.


The National Privacy Commission, meanwhile, is also conducting a probe into the liability of PhilHealth in the data privacy fiasco.

“As for PhilHealth’s liability, we are currently assessing whether negligence was involved on its part before making any definitive statements, but in addition to negligence we are also looking if there is concealment and possible imposition of administrative fines,” the NPC was quoted in a report as saying.