Following the recent fake eGovPH hack post, a cybercrime unit has urged cybersecurity enthusiasts to exercise caution when examining data breach claims on dark web forums.
The Cybercrime Investigation and Coordinating Center (CICC) and the Department of Information and Communications Technology (DICT) eGov Development Team have advised that breach information on the Breach Forums should be scrutinized.
Fake hack claim
In a statement, CICC Executive Director Alexander K. Ramos said that the alleged eGovPH data breach on the Breach Forums is “nothing more than a fake hacking claim.”
Ramos added that a Breach Forums user named GR3GGM3RC3R is under investigation. He noted that the user who “claimed to hack the eGovPH app is a scammer and not a real hacker.”
“He’s attempting to defraud forum members by falsely claiming possession of sensitive data,” Ramos explained.
eGovPH is ‘safe’
Meanwhile, DICT Undersecretary for E-Government David Almirol, who heads the development of the eGovPH app, assured the public that it is “fortified with multiple security measures”—guaranteeing its safety.
“Aside from the encryption and eGovChain security of the eGovPH app, we also have an attached key for each data, which is an additional security measure,” Almirol explained. “If someone claims they have hacked the system but cannot provide the key, their claim is false,” he added.
Banned for scamming
Ramos noted that they received information that the Breach Forums user GR3GGM3RC3R, whom they are investigating, has been “banned” for scamming.
“Using an anonymizer, some concerned users contacted the account holder to request sample data to verify the alleged eGovPH breach,” Ramos said. “However, the scammer could not provide the requested evidence, exposing the claim as a hoax,” he added.
Ramos further stated that with concerned users reporting this incident to the platform, Breach Forums “permanently banned the fake hacker GR3GGM3RC3R to prevent him from deceiving others with non-existent data.”
“Known for extorting Bitcoin payments by leveraging fraudulent claims, this scammer’s modus operandi involves intimidating victims by alleging access to personal information, often obtained from dubious or fabricated sources,” Ramos said.
Almirol stated that while Breach Forums thrives on enabling illegal activities, it paradoxically enforces its code of conduct to preserve credibility and functionality.
“We are coordinating with the CICC, as the Breach Forums’ existence on the dark web underscores the critical need for strong cybersecurity measures, international cooperation to combat such platforms, and the broader cybercrime ecosystem they support,” Almirol said.
CICC noted that Breach Forums is an “infamous dark web platform that has gained notoriety as a hub for cybercriminals and hackers to trade stolen data and illicit digital goods.”
Often operating in the shadows of the dark web or through anonymized platforms, CICC said that Breach Forums “facilitates the sale of sensitive information” such as personal identities, financial details, and corporate data obtained through cyberattacks, phishing campaigns, or ransomware operations.
“This marketplace enables cybercriminals to profit from their illegal activities, contributing to a dangerous ecosystem of data breaches and identity theft,” CICC said.
The Philippine cybersecurity group Deep Web Konek highlighted a fake data breach claim posted on Breach Forums by the now-banned user GR3GGM3RC3R, raising alarms within the cybersecurity community.