Potential Data Breach in eGovPH System: Threat Actor Claims Access to 200,000 KYC User Data

Threat Actor: GR3GG3M3RC3R
Victim: eGovPH
Price: $100,000 in BTC
Exfiltrated Data Type: KYC IDs

Key Points:

  • Exploited a 0-day vulnerability in the eGovPH system.
  • Gained root access and bypassed security protocols.
  • Accessed and dumped approximately 200,000 KYC IDs.
  • Cited weaknesses in security monitoring and unpatched SSH access as the root cause.
  • Offered a sample of the data to interested buyers via email.
  • Plans to release a writeup on the vulnerability discovery soon.
  • The report is still under verification with ongoing investigations.

On November 8, 2024, a forum user under the alias “GR3GG3M3RC3R” posted a message, claiming they had successfully exploited a 0-day vulnerability in the eGovPH system, which is used for various government services in the Philippines.

According to the post, the actor was able to gain root access, bypassing security protocols and accessing KYC IDs in the eGovPH database. The individual claims they have dumped and are ready to sell approximately 200,000 IDs.

The user cited weaknesses in eGovPH’s security monitoring and a lack of proper patching of its SSH (Secure Shell) access as the reasons the vulnerability existed. They stated that they plan to release a writeup on how they identified the vulnerability in the coming days. In the post, GR3GG3M3RC3R offered interested buyers a sample of the data via email and indicated that the full dataset is being sold for $100,000 in BTC (Bitcoin).

This is a developing story: the claims are still under verification, and further investigations to confirm their legitimacy are ongoing.

Source: https://kukublanph.data.blog/2024/11/12/potential-data-breach-in-egovph-system-threat-actor-claims-access-to-200000-kyc-user-data/