The National Privacy Commission (NPC) revealed on Tuesday, Feb. 23, that around 3.3 million users of Cashalo are affected by the ongoing data leak on the online lending app.
Based on its preliminary probe on the data security issue, the NPC said online posts about the data-dumping started to appear in different cyber forums as early as February 14.
The privacy body said a certain hacker under the name “creepxploit” is selling the personal data of 3.3 million users of Cashalo containing their usernames, passwords, e-mail addresses, phone numbers, and device identifications.
The seller posted the hacked information on online forums “cybleinc.com” and “RaidForums”, even providing sample data for potential buyers, according to the NPC.
“Given the facts of the report, the user may have successfully downloaded files from the database of the application, for which is still up for selling as of February 22, 2021,” the agency said.
The NPC also said it received the breach report filed by Cashalo via email last February 19 at 9:58 in the evening.
In view of this confirmation, the NPC said it has summoned Cashalo’s data protection officer to provide additional information as part of its ongoing monitoring and investigation on the breach incident.