Filipino voters' data leaked via search engine

MANILA, Philippines (UPDATE 4 6:19 p.m.) — A group of hackers launched Thursday a search engine for the data of Filipino voters stored in breached Commission on Elections (Comelec) database.

The group, which calls itself LulzSec Pilipinas, claims to have dumped data on millions Filipino voters and published these online for downloading via a torrent file.

"The database contains a lot of sensitive information, including fingerprint data and passport information. So, we thought that it would be fun to make a search engine over that data," the group claimed in a statement on the website.

The hackers said they decided to launch a search engine to distinguish themselves from other hackers.

Screenshot of the recently launched website by a hacking group claiming to have the window to information on millions of Filipino voters.

"Hackers just hack and download data from websites but we make it accessible for anyone. It's one thing to hear news about a huge data leak and another to is see your data in a public website. Maybe, at least now, government will start thinking about security of citizens' personal data," the group stated.

Comelec spokesperson James Jimenez warned the public not to access the hackers' website and apologized for the "continuing attack" on privacy despite earlier assurances that voters' data are safe.

He also said the Comelec has yet to verify the accuracy of the data the hackers claim to have copied.

The National Bureau of Investigation earlier on Thursday nabbed one of the suspected attackers of the Comelec site. The suspects' cohorts, however, remain at large.

Older information apparently leaked

Search on the newly built engine, meanwhile, yields information on a voter's province, residence, precinct, registration date and local ID.

A few registered voters confirmed to Philstar.com that the information posted on the site are consistent with those found in the Comelec's database. Other personal information, however, are not updated.

Newly registered voters have also said that their names could not be found on the hackers' website.

Even as it came as a surprise to many netizens, international security outfits have warned the Philippine government that the data of voters have been put at risk by the recent breach of the poll body's database.

Investigation by TrendMicro found that passport details of 1.3 million overseas Filipino voters and 15.8 million fingerprint records were included in the massive data breach. Also leaked was a list of Comelec officials that have admin accounts.

Its scope makes it the biggest government-related data breach in history, surpassing the 2015 hacking of the US Office of Personnel Management which revealed fingerprints and social security numbers of 20 million Americans.

What’s more alarming, according to TrendMicro, was that the “crucial data is just in plain text and accessible to everyone.”

Following the March 27 hacking by another group called Anonymous Philippines, LulzSec Pilipinas released the poll body’s entire database online. Three more mirror links were later added where the database could be downloaded.

READ: Comelec hack puts data of 55M registered voters at risk, security firm says

Comelec had denied the security report, however, and assured voters their sensitive biometrics data were not included in the database.

“We know the data they (hacker group) claimed to have and we know that data doesn’t include biometrics,” Jimenez said at a briefing on April 12.