DICT says 'hacking' of eGovPh app a hoax

The Department of Information and Communications Technology (DICT) on Friday denied claims that the eGovPH mobile application had been hacked and that user data had been compromised, calling the report a hoax.

In a statement, DICT spokesperson Assistant Secretary for Legal Affairs Renato Paraiso said the National Computer Emergency Response Team (NCERT) and the eGov Development Team had already checked the app.

He said the DICT’s NCERT and the eGov Development Team conducted an initial investigation.

“Results from the initial investigation made by NCERT and eGov show that no large data transfer, user suspicious behavior, or network activity anomaly in the eGovPH System were observed,” he added.

Paraiso assured the public that all data on the eGovPH App are safe and the services being provided by the DICT remain secure.

“We ask everyone to be mindful in sharing content online and rely on official Department channels for accurate information and updates,” he said.

The DICT issued the statement following a threat reported by the Philippine-based cybersecurity enthusiast group Deep Web Konek, through its blog Kukublan Philippines, citing a potential data breach in the eGovPH system.

The group said the hacking may have resulted in a threat actor having access to the know-your-customer (KYC) data of around 200,000 users.

The report originated from a post by a user on a deep web forum, identified by the alias "GR3GG3M3RC3R." The user claimed to have exploited a zero-day vulnerability in the eGovPH system to gain root access and allegedly offered to sell the KYC data of approximately 200,000 users.

The eGovPH mobile app is part of the Philippine government's push for digitalization, enabling the public to avail of seamless access to government-related services.