Philippines’ cybersecurity failures exposed as hackers leak state secrets, people’s data

  • Hackers recently breached government servers to expose security weaknesses, with one claiming he got in with an easy-to-guess password
  • The Philippines has been plagued by hacking attacks for years, but experts say officials were dismissive and slow to step up cybersecurity measures

A man tries to access the login page of Philippine Health Insurance Corporation (PhilHealth) in Manila on October 9. Photo: AFP

All it apparently took for one Philippine hacker to break into a government website was “Admin123” – a password that reflects what experts say is the authorities’ lax attitude towards cybersecurity that not only leaves millions of Filipinos vulnerable to identity theft but has exposed some of the country’s top military secrets.

On October 3, hackers released a massive trove of personal data from the servers of the Philippine Health Insurance Corporation (PhilHealth), after the state insurer refused to pay a ransom of US$300,000. The breach affected millions of people, including domestic residents and overseas Filipino workers in places such as Hong Kong.

Last Sunday, the homepage of the Philippines’ House of Representatives was defaced with a drawing of a smiling troll face and had to be taken offline. It is currently under maintenance.
People use their phones on a train in Manila. The breach into PhilHealth servers affected both domestic residents and overseas Filipino workers. Photo: Shutterstock

Late on the same day, a Filipino hacker said during a live discussion on X, formerly Twitter, that he had broken into at least five major government agencies and downloaded gigabytes of data, apparently to expose the security weaknesses of the websites.

The man, who called himself DiabloX Phantom, claimed he was a 19-year-old hacker from southern Davao city, who once worked in government as part of a “red team” – a group hired to challenge cybersecurity controls.

He told This Week in Asia: “I’m a hacktivist and I’m angry that these problems have long been known and openly pointed out but the government has done nothing to address them.”

This Week in Asia was unable to independently verify the true identity of the person claiming to be DiabloX Phantom.
