Philippines’ cybersecurity failures exposed as hackers leak state secrets, people’s data
- Hackers recently breached government servers to expose security weaknesses, with one claiming he got in with an easy-to-guess password
- The Philippines has been plagued by hacking attacks for years, but experts say officials were dismissive and slow to step up cybersecurity measures
All it apparently took for one Philippine hacker to break into a government website was “Admin123” – a password that reflects what experts say is the authorities’ lax attitude towards cybersecurity that not only leaves millions of Filipinos vulnerable to identity theft but has exposed some of the country’s top military secrets.
On October 3, hackers released a massive trove of personal data from the servers of the Philippine Health Insurance Corporation (PhilHealth), after the state insurer refused to pay a ransom of US$300,000. The breach affected millions of people, including domestic residents and overseas Filipino workers in places such as Hong Kong.
Late on the same day, a Filipino hacker said during a live discussion on X, formerly Twitter, that he had broken into at least five major government agencies and downloaded gigabytes of data, apparently to expose the security weaknesses of the websites.
The man, who called himself DiabloX Phantom, claimed he was a 19-year-old hacker from southern Davao city, who once worked in government as part of a “red team” – a group hired to challenge cybersecurity controls.
He told This Week in Asia: “I’m a hacktivist and I’m angry that these problems have long been known and openly pointed out but the government has done nothing to address them.”
This Week in Asia was unable to independently verify the true identity of the person claiming to be DiabloX Phantom.