A hacker going by the handle “ph1ns”, gained access to the PNP Logistics Data Information and Management System (PLDIMS) as part of a string of attacks on the police force's systems.
Afterward, the hacker gained access to the Firearms and Explosives Office's (FEO) Online License and Permits Application system.
According to a report by Manila Bulletin, ph1ns provided the link as proof of the hack, which included a sample database with over 393,894 rows of private data, including email addresses, names, dates of birth, and unit assignments.
PNP infiltrated
In the same report, ph1ns discovered a vulnerable server at {https://103.152.214.xxx/}, which they found to be the PNP's FEO Online License/Permits Application platform, starting the breach.
The hacker successfully generated an account by creating a fake email address which circumvented email verification.
As a result, the PNP experienced a loss of roughly 1.6 terabytes of sensitive material, with ph1ns able to access terabytes of data from the FEO databases.
The hacker also asserted that the data obtained–which totaled to 500,000 names from the list–contained personal information such as birthdays, marital status, emails, tax identification numbers, phone numbers, mobile numbers, next of kin information, neuro test and drug test expiration dates, and more.
‘Human error’
The hacker claimed that several human mistakes were to blame for the attack.
ph1ns has been connected to cyberattacks on the websites of Acer computers and businesses owned by House Speaker Martin Romualdez in the past.
ph1ns recommended the use of Web Application Firewalls (WAF), patching vulnerabilities, employing Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), putting in place whitelisting, and keeping an eye on all connections to sensitive services as preventive actions.
