Screencapped above is the website launched by hackers who have made the personal data of millions Filipinos available to the public
By now, you may have heard that the Commission on Election’s (Comelec) website was allegedly hacked, and the data was leaked via a searchable database.
With this search engine, anyone can search for the personal information of any Filipino voter by using their first and last names. It can display basic information like birthdates and more personal data like a voter’s address, passport data and event their fingerprint. Read the rest of the story here.
If you're planning to try it out to see if it works, we highly advise you not to do so. “It can be used by the hackers to steal your information and thus expose you even further to the dangers of identity theft,” Comelec spokesperson James Jimenez said in a statement.
The same advice also came from members of the Facebook community page Protect Pinas. We found an informative post published on the page by software architect Jon Limjap and cyber security specialist Milo Pacamara along with data engineer Humprey Cogay and software designer Toto Gamboa.
They shared the possible ways criminals can take advantage of this massive information leak and how best we can protect ourselves.
Here's are expert tips from the group on how you can protect your personal information:
Change all your passwords, with a unique password for each online account.
Use password management applications such as 1Password or Passkeeper.
Change your forgot password secret question and answer making sure to avoid using "mother's maiden name" as your secret question and answer.
Use two-factor authentication for all your online banking accounts. If possible, avoid using your cellphone number and use mobile applications and/or physical security devices for two-factor authentication.
Do not respond to calls from anyone asking you for your personal information, especially your full name, address, and mother's maiden name. Only provide such information if you've called your bank yourself, and as much as possible limit these interactions.
Do not follow links received via email, especially those asking you to input your password, or answer questions with personal information. Only provide such information if you've personally opened an online banking website yourself
Be wary of notices from government, organizations like banks verifying about your personal information
Do not open email attachments from email addresses that you don't know and expect, especially when the files are in HTML, ZIP, JPG, DCOM, RAR, JAR, TGZ, TAR, JS, and APK format.
A commenter on the post adds, “If you have accounts on your bank's online websites, make sure to contact the bank and flag your account for any attempts at changing your details.”
Other accounts that you should flag and change passwords include: accounts on online retailers like Amazon and Lazada, postpaid lines, and basically, any account that’s connected to your finances.
In the event of suspicious activity, immediately contact the help desk of the online service or financial institution you are subscribed to.