According to a recent report published by Vittoria Elliott on “Rest of World”, around 345k sensitive documents from a Philippines court were leaked online and were made accessible to anyone.
A UK-based cyber security company, TurgenSec, was the first to identify the leak of some 345,000 confidential documents of the Office of the Solicitor General of the Philippines, 345k philippineelliott restworld.
The Office of the Solicitor General of the Philippines is the official representative authority of the Philippines government, consisting of a government-hired legal team and attornies. The legal documents of the same institute were made public online for two months.
As TurgenSec identified the leak, the security company also stated that the documents (345k philippineelliott restworld) were being searched on Google and surprisingly found too, even after the Philippines authorities took them down. According to TurgenSec, some search results are still valid due to Google’s cache system.
In the report, TurgenSec also revealed that the documents contained words like “trafficking,” “rape,” and “execution,” which was the reason why TurgenSec made the identification of the data breach public in the first place.
“It’s not like a traditional data breach that we disclose… This one caught our eye because it seems that it might have broader ramifications,” said a TurgenSec spokesperson on the Filipino data breach.
Contents
How Did TurgenSec Find the Data Breach?
One would question why would a cybersecurity company makes such a finding public. Well, at first, they didn’t.
In February 2021, a third-party whistleblower sent the leaked files to TurgenSec for further investigation, considering the company’s expertise in cyber security. As soon as TurgenSec received the leaked documents (345k philippineelliott restworld) from an unknown source, the security firm showed responsibility and informed the Filipino Solicitor’s Office immediately.
At first, TurbenSec was positive that the Philippines government will take quick action to cover up the data breach, but upon contacting them even twice, TurbenSec say they didn’t receive any response at all.
Solicitor’s Office Didn’t Respond to RestofWorld too
After the failed attempt to contact the Solicitor General’s office regarding the confidential document breach, “Rest of World” also reached out to the Philippine Department of Justice. The concerned department did receive the message and even acknowledged it, but the result was the same as TurbenSec received: no response.
TurgenSec was surprised by the irresponsible behavior of the Filipino government as such confidential data (345k philippineelliott restworld) shouldn’t have reached the wrong hands. What’s even more surprising about those 345k Philippines documents is that they were public for two consecutive months and God knows if the Solicitor’s office was even aware of that.
“The fix takes literally 20 seconds…They should just be taking these really basic steps to protect their data,” said a TurgenSec spokesperson.
“I wouldn’t be surprised if [the people responsible for defacing the Solicitor General’s website] hacked it using information from this data breach, which seems to have been public for quite a while…It has a bunch of plain-text passwords in there, along with other stuff that should not be public-facing,” the spokesperson added.
What Did the Leaked Documents Contain?
The leaked documents contained extremely confidential information about the Filipino government. The data was shared by TurgenSec but the cyber security firm didn’t go through each document as it would be unethical and against their confidentiality policy.
However, they did keyword research and these are the most concurring keywords in those 345k Philippines government leaked documents:
- “Rape” – 774 times
- “Execution” – 437 times
- “Trafficking” – 135 times
- “Terrorist”
- “Terrorism”
- “Private”
- “Confidential”
- “Password”
- “Witness”
- “Duterte” – (Philippine President Rodrigo Duterte)
This data was shared by TurgenSec; according to the cyber security firm, the leak took place when an open web server was misconfigured from “private” to “public.”
The governments should take care of such small things that can cause the most damage to national security than anticipated. Unfortunately, this is not the first time the Philippine government’s data has been breached.
In 2016, the Philippine Commission on Elections suffered a data breach that resulted in the exposure of information belonging to over 55 million voters.
Something similar happened in December 2020, when the Solicitor General’s website was also hacked and the perpetrators posted a message on the homepage.
Summary
Around 345k secret documents from the Philippine government’s Office of the Solicitor General were accidentally leaked online and available to anyone. A UK-based cyber security company received the documents from a whistleblower. The leaked documents included sensitive information and the company described the Philippine government’s handling of the situation as irresponsible.
The documents were made public because a web server was not set up properly. The Philippine government has had problems with data breaches before, including the 2016 exposure of information belonging to over 55 million voters.
Also read:
Sources Amazon Reyvox, Jason Del Rey (Vox) on Amazon and the eCom Giant’s Future
