A group of as-yet unidentified hackers has taken the allegedly stolen Commission on Elections data and re-posted it on Thursday, April 21, as a searchable database on an independent site.
The site was put on the same day the National Bureau of Investigation arrested a person who was one of those allegedly involved in the recent defacement and supposed leakage of data from the Comelec website.
The site allows a user to gain access to a person's basic personal data by just keying in his or her name.
In a statement, Comelec spokesman James Jimenez said the NBI is already investigating what he called the "hacker website."
He called on the public not to use the site.
"In the meantime that [the NBI investigators] have not furnished us a copy of their findings, we advise the public not to use the hacker website as it can be used by the hackers to steal your information and thus expose you even further to the dangers of identity theft," Jimenez said.
"We also cannot rule out at this stage that this may be an attempt by the hackers to monetize the data they claim to have," he added.
Massive data leak
On March 27, a cyberattack on the Comelec website by hackers claiming affiliation with Anonymous Philippines allegedly compromised the personal details of millions of Filipino voters.
"Our research showed that massive records of personal identifiable information, including fingerprints data were leaked. Included in the data Comelec deemed public was a list of Comelec officials that have admin accounts," noted cybersecurity firm Trend Micro.
A raw version of the alleged stolen database has been floating around online since the attack, but it has now been reposted in a format that is easier for cybercriminals to search for specific entries.
"Hackers just hack and download data from websites but we make it accessible for anyone. It's one thing to hear news about a huge data leak and another to see your data in a public website. Maybe, at least now, government will start thinking about security of citizens' personal data," the hackers explained.
Early Thursday morning, the NBI Cybercrime Division announced the arrest of a 23-year-old hacker who was allegedly involved in the Comelec heist. The agency is still hot on the heels of two other suspects.
NBI Cybercrime Division chief Ronald Aguto said the agency is also looking into the extent of the data breach. At the moment, he could not say whether the data they discovered indeed came from the poll body.
"We cannot ascertain unless we're done with a full forensic (examination) of the computer... As far as the NBI is concerned, we cannot say (yet) if it's Comelec data," he said.
He added: "Hopefully, kapag binuksan 'yung computer niya, mas may makita tayong information na makakatulong sa imbestigation... There is an effort to retrieve whatever is out there. It's still too early to say kung gaano kalaki 'yung nakuha nila." — NB/GMA News