A BREACH UNCOVERED
Hacker: Personal data of Cebu Pacific passengers downloaded. Cebu Pacific: No sensitive information was compromised.
Names, dates of birth, addresses, contact details, emails and even Facebook access tokens were downloaded from the Cebu Pacific servers – a breach claimed by a hacker who goes by the moniker Kangkong, a member of the local hacking group Pinoy LulzSec.
In a Twitter update, @PinoyLulSec posted: “Large Data Breach Coming from GetGo to CebPac. Active Directory is lyf — KangKong”
While the severity of the hack is not yet known, the hacker claimed that more than 40GB of data was exfiltrated from the servers. Based on the 2018 statistics of Cebu Pacific available online, the company has served more than 20 million passengers from its 135,071 flights. Independent cybersecurity professionals looking into the incident fear that this is the number of passengers whose data may have been compromised.
Cebu Pacific, however, clarified and downplayed the impact of the breach. In an exclusive interview, Laureen Cansana, Chief Information Officer of Cebu Pacific, informed The Manila Bulletin that there was unauthorized access but that the hackers only reached the interface layer, which is where users log in to the app or website. “Only the first layer was breached. But they weren’t able to really penetrate deeper where the customer data are stored.” Cansana also said that the information that was exposed was the GetGo number card, FB profile and username. “That’s all the information that they were able to get, not as what they’re claiming,” she added.
With regard to the hacker's 40GB claim, Glenn Amper, IT Security Manager of Cebu Pacific, said: “We are still verifying that claim and their claim of access to directory services. We’re still looking for that information.” He also gave assurance that clients' credit card information is safe. “The credit card information is stored in another database and Cebu Pacific never stored passwords and CCV of the card.”
“Next step is going to the dark web to see if there’s any other information out there — as long as Cebu Pacific customers are concerned, so far there is none. The web API is the last piece that is being boarded in the web application firewall, the rest of Cebu Pacific Air and GetGo are in the firewall. We see and track malicious traffic to our servers. It’s just bad timing that they got ahead of us in this one,” Amper added.
While the investigation is ongoing, all GetGo accounts would be temporarily locked and all channels would be unavailable. As an additional precaution, users would not be able to access the Cebu Pacific website and mobile app using their GetGo credentials.
Independent cybersecurity professionals are also monitoring websites where the hacker could have dumped the database. Manila Bulletin received information that, as of this writing, all leads are negative.
This is a developing story. Will update as soon as we get additional information. - Editor