MANILA (Updated) – The Comelec data breach has reached an entirely new level, with a new site being put up that lets anyone search for any names listed in the database leaked by the group known as Lulzsec Pilipinas.
The site, named "Philippines, we have your data," spread on social media Thursday, April 21.
The site allows anyone to input a first name and last name to index a list of possible matches from the Comelec database, which can include their own data.
The data itself, based on a number of reports, includes birthdates, fingerprint data, names of relatives, one's personal address, citizenship information, passport information, and other miscellaneous information.
Unlike an earlier searchable index from Have I Been Pwned – which only informed the scope of the breach to individuals – none of the information stored on the searchable website is kept private from any other individual. This means anyone with a passing interest and a name in mind can now search for additional information on potentially millions of registered voters.
"We thought that it would be fun to make a search engine over that data," the website said.
According to Whois registration information, the registrant for the site appears to be from Russia.
Raising alarm
Security experts previously raised an alarm over the potential issues of the data breach. Security firm Trend Micro said that the breach made Filipino voters "susceptible to fraud and other risks.”
Troy Hunt, who maintains the Have I Been Pwned website which earlier confirmed the extent of the breach and allowed users to check their names against known email addresses from the leak, was alarmed that the Comelec site was "an absolute mess of huge volumes of data, tables with suffixes which appear to indicate copies or duplication, draft or temporary data and inconsistent (and frequently insufficient) cryptographic storage of sensitive data."
Meanwhile, a suspected hacker of the Comelec website has been captured, and is now in government custody.
While the site does list many names of affected individuals, it should also be noted that not being listed on the site does not ensure that you are safe from the extent of the data leak. (Rappler.com)
*****
Article republished under Sun.Star’s content partnership with Rappler.com.