Deep Web Konek

26/10/2025

: GCash User Data Allegedly Sold on Dark Web — Millions of Accounts Affected

A data leak allegedly involving G-Xchange/GCash has surfaced on a dark web forum. The post, made by a user named Oversleep8351, claims to be selling records from 2019 up to October 2025, including eKYC (Know Your Customer) information, linked bank accounts, and GCash numbers.

According to the listing, the data includes both merchant and basic users — with personal details such as names, addresses, employment, and even valid Philippine IDs. The seller claims the dump contains up to 7–8 million users, offered in bundles priced up to $25,000, payable only through Monero (XMR) cryptocurrency.

The forum post states that all data is “unorganized,” meaning it must be sorted manually, and that the seller will only deal with “existing buyers” from previous dark web transactions.

If confirmed, this would be one of the largest alleged data leaks involving a Philippine fintech company to date.

📰 Read the full story in the comment section.

24/10/2025

: PNP Officers’ Data Allegedly Breached, 414,000 Records for Sale on Dark Web

A threat actor identified as SentinelX has claimed responsibility for breaching the Philippine National Police (PNP) server, allegedly stealing data belonging to both active and retired officers. The post, made on a dark web forum, offers more than 414,000 records for sale, containing highly sensitive information.

The leaked data reportedly includes full names, birthdates, addresses, contact numbers, official and personal emails, government-issued IDs (such as TIN, GSIS, Pag-IBIG, and PhilHealth numbers), and even details about fi****ms, promotions, and family members of the officers.

🔎 Read the full story in the comment section.

23/10/2025

20/10/2025

: A post on an underground forum has surfaced, allegedly selling a database stolen from a Philippine government system containing more than one million COVID-19 vaccination records.

The listing, uploaded on October 18, 2025, by a user going by the alias hrs666666, claims to offer “COVID-19 vaccination information” sourced from government systems in Cebu, with the seller stating that data from other cities can also be requested.

Attached to the post is a screenshot showing what appears to be an SQL database table containing a wide range of personal data. Based on the visible fields, the records include full names, contact numbers, home addresses, birthdates, gender, vaccination status, and other demographic details such as city, barangay, province, and social welfare information like PWD ID and PhilHealth ID numbers. Some records also list age, residential type, and occupation-related identifiers, suggesting the dataset originated from a comprehensive vaccination or health monitoring system.

The seller advertises the database as having around one million entries, stating that samples can be provided to potential buyers and that transactions would only be made using XMR (Monero) cryptocurrency. The post emphasizes that it is intended for “serious buyers” and offers escrow options to verify authenticity.

As of this writing, authorities have not confirmed the validity or source of the alleged data.

19/10/2025

#𝗘𝗱𝗶𝘁𝗼𝗿𝗶𝗮𝗹: 𝗙𝗶𝗹𝗶𝗽𝗶𝗻𝗼𝘀 𝗢𝗻𝗹𝘆 𝗖𝗮𝗿𝗲 𝗔𝗯𝗼𝘂𝘁 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗪𝗵𝗲𝗻 𝗠𝗼𝗻𝗲𝘆 𝗜𝘀 𝗼𝗻 𝘁𝗵𝗲 𝗟𝗶𝗻𝗲

Filipinos are some of the fastest adopters of digital tools in Southeast Asia. We bank online, pay through QR codes, send cash gifts via e-wallets, and even earn through digital platforms. Yet, behind this convenience lies a hard truth: we only start to care about cybersecurity when money enters the conversation.

Filipinos must understand that cybersecurity is not just about pesos and e-wallets. Every piece of personal information — your full name, birthday, phone number, and even your selfie — has real market value in the dark web. In fact, according to dark web intelligence findings, each Personally Identifiable Information (PII) record can be worth more than $50, depending on how complete it is.

Read the full article in the comment section.

18/10/2025

: A ransomware group calling itself "The Gentleman" has started leaking internal files and customer data allegedly belonging to 2GO Group, one of the Philippines’ largest logistics and shipping companies.

The Gentleman’s leak site, accessible through the dark web. Under the section labeled “2GO Group,” the site contains several folders titled part1, part2, part3, and data1, along with an Excel file named “Updated Master Customer.xlsx” (1.2 MB). The file name suggests that customer-related data may be part of the exposed content.

Less than a day after the 2GO Group leak appeared, the group added Personal Collection, a well-known direct selling and distribution company in the Philippines, to its list of upcoming victims. The site currently displays a countdown timer indicating that the release of Personal Collection’s data will occur in under 20 hours. Details about the nature or scope of that dataset remain unknown as of this report.

More information in the website or check the comment section.

09/10/2025

: DepEd Ilocos Norte and Aurora Breached by Quantum Security Group

A threat group called Quantum Security Group has claimed to have breached the systems of DepEd Ilocos Norte and DepEd Aurora, leaking millions of records online. In its posts on a dark web forum, the group said it stole over 3 million records from Ilocos Norte, including names, contact details, school information, and sensitive data such as TIN and PhilHealth numbers. For DepEd Aurora, the group claimed it exfiltrated all databases and a backup file, calling the system “weak.” Both posts contained threats and warnings directed at DepEd, saying the data had been leaked publicly.

As of now, no official statement has been issued by the Department of Education or the affected regional offices.

READ THE FULL ARTICLE IN THE COMMENT SECTION.

09/10/2025

: Personal Collection Direct Selling, Inc., a Philippine-based retail and direct selling company, has reportedly fallen victim to a ransomware attack carried out by the group known as “The Gentlemen.”

A post circulating on dark web monitoring channels featured the company’s profile, revenue details. The post also contained a message thanking 2GO for access, a statement that may indicate the attackers’ method of entry or reference to compromised infrastructure.

As of this writing, Personal Collection has not issued any official statement regarding the alleged ransomware attack or the extent of the incident.

09/10/2025

Interesting read! 👀

Henry Rhoel Aguda has been confirmed as secretary of the Department of Information and Communications Technology (DICT) after months of delay.

08/10/2025

😶‍🌫️😶‍🌫️😶‍🌫️

To push for a more secure bank and government transactions, the DICT is planning to incorporate retina-scan technology in the country. | via ANC 24/7

Link to full story in the comments section.

08/10/2025

🚨 DPWH WEBSITE HACKED BY “QUANTUM SECURITY GROUP”

The official website of the Department of Public Works and Highways (DPWH) has been defaced by a group calling itself Quantum Security Group, claiming responsibility for the cyberattack and accusing the agency of corruption, fake flood control projects, and ghost projects that allegedly cost billions in public funds.

The defacement message appeared on multiple DPWH pages, displaying the group’s logo and the bold statement: “NO MORE GHOST PROJECTS. NO MORE STOLEN LIVES.”

Key Points from the Hack Message:

1. Accuses DPWH of fake flood control projects and falsified inspections.
2. Claims billions of pesos were lost to corruption and substandard infrastructure.
3. Calls the alleged acts not just incompetence but betrayal.
4. Lists former and current DPWH officials allegedly involved in anomalies.

Ends with a warning: “We do not forgive. We do not forget.”

The group also wrote that their act was not revenge but a “call for justice and accountability”, urging citizens to demand transparency in government projects.

As of now, DPWH has not released any official statement regarding the breach or the allegations posted by the attackers.

08/10/2025

: DILG’s Full Disclosure Policy Portal Allegedly Leaked

A threat actor going by the name “0xSeve” has claimed responsibility for a massive breach involving the Full Disclosure Policy Portal (FDPP) of the Department of the Interior and Local Government (DILG).

According to a post made on a dark web forum, the actor leaked over 22GB of internal data — including more than 40 million records from the FDPP system. The files listed in the breach reportedly contain audit trails, logs, attachments, and user information such as user_info.csv, audit_trail.csv, and doc_remark.csv.

The same actor also defaced a DILG web directory, leaving a red page with the message: “Greetings DILG — Here’s a low-budget defacement page for ya! Talk about budgets, everything is out there now. When I say everything, I mean it.”

The defacement included a quote from the attacker: “Anyone can be corrupt given the opportunity to do so, but corruption remains a matter of CHOICE.”

The Full Disclosure Policy Portal (FDPP) is a transparency platform that allows the public to view financial and procurement documents from LGUs, but the breach raises serious concerns about the system’s integrity and data protection.

As of now, the DILG has not released any official statement regarding the alleged breach or website defacement.

📎 READ THE FULL ARTICLE IN THE COMMENT SECTION