The privacy body said a certain hacker under the name “creepxploit” is selling the personal data of 3.3 million users of Cashalo containing their usernames, passwords, e-mail addresses, phone numbers, and device identifications.
Online lending firm Cashalo issued a statement on Saturday, Feb. 20, saying its “IT security team discovered a potential data security incident involving a Cashalo-only database archive”.
According to a discussion thread in the Facebook page of Privacy.PH, the personal data being peddled at the dark Web appears to be legitimate although Cashalo has not yet submitted any breach incident report to the NPC.
Under the “Pay with Cashalo” scheme, travelers can book domestic flights worth a maximum of P7,000 on Cebu Pacific using the new digital-credit solution as a payment alternative, then pay later in installments over three or six months.
Cashalo has also partnered with Cebu Pacific for its air ticketing project, which aims to serve Filipinos who do not own a credit card. With this service it would be possible to purchase a ticket and pay for it later on installment.
Cashalo, a mobile lending platform backed by local conglomerate JG Summit and Hong Kong-based tech firm Oriente, has P10 billion as initial lending fund for underbanked consumers and MSMEs in the Philippines.