Fake data leaks for sale in a hacker forum

Published April 28, 2021, 7:36 AM

by Art Samaniego

Even security professionals are now the target of internet scams and online fraud. Fake data leaks are now being sold in hacker forums alongside authentic databases for 500 US dollars. Some of these databases are real and of interest to security researchers. Still, unscrupulous individuals have inserted fake data leaks attributed to financial institutions and private agencies to trick users into buying what they are offering. While veteran cybersecurity practitioners could “smell” these fake leaks immediately, the fakes could trick wannabe hackers into buying these databases in the hope of using them for future attacks.

We regularly get information about website defacements, hack attacks, and data leaks from Filipino cybersecurity enthusiasts. We always verify the information that we get, and so far, all of it has been accurate. Last week, we got a tip that there’s a new entry in a hacker forum that mentions DENR of the Philippines and a company named PDAX.

The DENR, or Department of Environment and Natural Resources, is the country’s primary agency responsible for the conservation, management, development, and proper use of the country’s environment and natural resources. When we checked the forum, we found that the uploader had published user names and passwords of DENR employees. We immediately informed the National Privacy Commission about it, and we got a confirmation that the leak looks legitimate. The NPC is now investigating this incident.

When we checked the other company mentioned, we found that the hacker was referring to the Philippine Digital Asset Exchange, a Bangko Sentral ng Pilipinas regulated exchange that enables users to buy, sell, and trade digital assets such as Bitcoin for the Philippine peso. Early this year, a system glitch dragged the PDAX name into controversy, as some users were able to make unauthorized transactions because of the incident. PDAX has already fixed the issue.

We informed PDAX about the issue, and after a day, we got a statement from Nichel Gaba, CEO and Founder of PDAX:

“As a financial institution, security and privacy are very important to us. At all times, PDAX maintains a robust security infrastructure to protect our database and systems.

Upon hearing about alleged PDAX data that’s for sale, we conducted a thorough investigation and found the claim to be false. There has been no breach of our systems, codebase, customer or personnel data, or unauthorized access of any kind.

Nevertheless, PDAX takes security risks very seriously. We remind all users to remain vigilant, enable two-factor authentication (2FA), and immediately report any suspicious activity by contacting us at [email protected]”

We agree with Mr. Gaba that the alleged data leak on PDAX was false. The hacker published the usernames and hashed passwords of the alleged PDAX employees. We verified the information by sending emails to the persons concerned. All emails that we sent bounced with errors saying “user does not exist.”

This fake PDAX data leak is for sale in a hacker forum. None of the people listed as admin in the sample are PDAX users.

Users need to be extra careful. Hacker forums are a treasure trove of information, including leaked data. Now, some scammers have joined these forums to trick users into buying bogus information.

The DENR leak and the fake PDAX data leak are still available on the hacker forum, for sale at 500 US dollars each.