A hacker known as "ph1ns" has claimed responsibility for a significant breach of the Philippine National Police (PNP) systems. The hacker, who previously breached the Department of Science and Technology (DOST), gained access to the "PNP Logistics Data Information and Management System" (PLDIMS), disrupting the platform and rendering it inaccessible.

In his post on Breach Forums, ph1ns shared the link to the evidence of the breach, including a database sample containing over 393,894 rows of personal information, such as names, birthdates, unit assignments, and email addresses. The hacker attributed the breach to a series of human errors. According to ph1ns, the PNP had enabled the Laravel PHP framework's debug mode, a setting typically used for development and troubleshooting. This exposed sensitive environment variables, including database credentials. He added that the next mistake was configuring the database to allow remote connections, meaning it could be accessed from outside the PNP's internal network.

Ph1ns explained his methodology, starting with using Shodan, a search engine for internet-connected devices, to identify PNP servers with open ports. He then employed tools to scan these servers for vulnerabilities. Upon discovering the enabled debug mode on the PLDIMS platform, ph1ns was able to extract the database credentials, gaining access to the sensitive data.

In a press briefing at Camp Crame, PNP spokesperson Col. Jean Fajardo reported that at around 10 a.m. on Monday, an alleged system breach was reported. "As an initial action, our IT officer immediately shut down the system to prevent further damage, but so far, they haven't seen any breach during the initial assessment," Fajardo said.

Fajardo mentioned that the cyber response team is currently conducting an investigation. "I haven't spoken to the ACG yet, but they will conduct their own investigation," she added.

"Right now, our cyber-response team has shut down the system as a precautionary measure. The deputy director of DL mentioned that they haven't seen any breach yet. We're investigating if there was indeed an attempt to breach the system," Fajardo continued.

Fajardo also noted that according to Gen. Neri, no breach has been detected so far.

"When we talk about logistics data information, we expect it to include the PNP's logistical resources, so we need to check for any breaches. Definitely, there is information data in the system because when we talk about logistics, it encompasses the logistical assets of the PNP," Fajardo explained.

DICT Undersecretary for Infostructure Management, Cybersecurity, and Upskilling Jeffrey Ian C. Dy told MB Technews that "the PNP has to look for the persistence of access in their databases, not just the breached system. "Our DICT NCERT is ready to assist if PNP requests it". He added

The breach's impact is potentially far-reaching, affecting a significant number of police officers and individuals associated with the PNP. According to ph1ns in an email interview, he intends to continue targeting the PNP for further data.

The incident raises concerns about the security of sensitive government data and the potential for human error to facilitate cyberattacks. The PNP has yet to issue an official statement regarding the breach.