Telco giant PLDT Inc. was the latest to fall victim to hackers, underscoring the real threat of cyberattacks as the COVID-19 pandemic sweeps the globe.
For more than an hour starting around noon on Thursday (May 28), an anonymous group seized control of the company’s home broadband customer service account on Twitter called PLDT Cares.
The account has over 100,000 followers and follows nearly as many accounts, an indication of the size of its customer interactions.
The takeover has also raised questions about whether personal data contained in direct messages with customers was compromised.
PLDT spokesperson Ramon Isberto said the company was investigating the attack and conducting a security audit. Privacy Commissioner Raymond Enriquez Liboro said he was aware of the event.
“We have breach protocols in place,” Liboro told the Inquirer in a text message on Thursday.
He said PLDT has its own data protection team and “we will wait for the official report from them if this indeed constitutes a notifiable breach.”
While PLDT’s customer service team typically deals only with reference numbers when addressing concerns, it is usually the customer that includes personal information that hackers can use.
“It’s the clients who volunteer their private info in the hope it will make things faster for them,” digital forensics expert Drexx Laggui told the Inquirer.
He said companies large and small and even ordinary social media users should always use two-factor authentication. Moreover, companies dealing with sensitive information should not rely on text messaging, since text messages can be intercepted.
He said it was better to rely on software-based authenticators.
Passwords are another area where many users get tripped up. Those that are too complex or are changed frequently often lead to users forgetting their passwords, Laggui said.
“Worse, they’ll write it down where someone can access it discreetly. Or even worse, they’ll recycle passwords from secure and unsecure websites,” he said.
For tighter security, Laggui suggested the use of pass-phrases or a “string of words that makes sense to someone” on top of two-factor authentication.
In case the account is lost to hackers, Laggui said the best thing to do is act quickly and let people know through alternative means like another social media platform or page.
“So you can disown those immediately and thus distance yourself from any liability and protect your reputation,” he said.
Cyber attacks have been growing noticeably during the coronavirus pandemic, Isberto noted, citing data from PLDT’s cybersecurity control room.
During the pandemic, some sectors are more vulnerable than others.
Last month, the World Health Organization noted a dramatic increase in cyberattacks directed at its staff.
In a report released last Jan. 28, cybersecurity firm Kaspersky said the Philippines topped Southeast Asia for two years straight in terms of internet-based threats.
It said people can exercise simple safety tips.
Kaspersky experts suggested checking links before visiting a website, looking for spelling errors or other irregularities.
People should also avoid logging on to online banks and similar services over public WiFi networks and should not trust emails from unknown origins.
Edited by TSB