The National Privacy Commission (NPC) on February 19, 2021, through an official statement, revealed that it has come to its attention that client data from Cashalo, a cash-loaning application operated by Oriente Express Techsystem Corporation, is being reportedly sold on the dark web.
“Rest assured that the Commission has already started investigating this matter,” Atty. Michael R. Santos, the OIC-Chief of the Complaints and Investigation Division of NPC, then stated.
— Privacy.Gov.PH (@PrivacyPH) February 19, 2021
Following this, on Tuesday, February 23, 2021, the commission has disclosed further details on the alleged Cashalo data breach, stating that it did a preliminary probe on the data security issue. Here are some of the details the NPC has found out.
“Initial findings show that huge amounts of personal data from Cashalo are being dumped and sold on different cyber forums since February 14, 2021. A certain user named “creepxploit” sells data of 3.3 million users of Cashalo containing their usernames, passwords, e-mail addresses, phone numbers and device identifications on two sites on the dark web.”
– National Privacy Commission
NPC suspects that “creepxploit” has successfully downloaded files from the database of Cashalo. And according to the commission, it signifies a potential breach on the application.
The NPC has reached out to Cashalo and stated that it has already received Cashalo’s breach report. As of February 23, the commission revealed that it is still monitoring the case.
— Privacy.Gov.PH (@PrivacyPH) February 23, 2021
For More News and Updates