NPC update on Alleged Cashalo Data Breach

NPC update on Alleged Cashalo Data Breach

Straits Interactive PH | 2021-02-23 16:24

Amid recent reports on the alleged data breach on the cash-loaning application Cashalo, operated by Oriente Express Techsystem Corporation, the National Privacy Commission (NPC) did a preliminary probe on the data security issue. Initial findings show that huge amounts of personal data from Cashalo are being dumped and sold on different cyber forums since February 14, 2021. A certain user named “creepxploit” sells data of 3.3 million users of Cashalo containing their usernames, passwords, e-mail addresses, phone numbers and device identifications on two sites on the dark web. The user even provides sample data for potential buyers. Given the facts, it is suspected that the user successfully downloaded files from Cashalo’s own database, which signifies a potential breach on the application. Creepxploit’s posts remain accessible as of writing. NPC immediately reached out to Cashalo t...

Unlock these benefits
benefit

Get access to news, enforcement cases, events, and actionable tips and guides

benefit

Get regular email updates and offers

benefit

Job opportunities, mentorship and career guidance

benefit

Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin