The Cybercrime Investigation and Coordinating Center (CICC) and the Department of Information and Communications Technology (DICT) eGov Development Team are advising cybersecurity enthusiasts to exercise caution when reviewing data breach information on the Breach Forums, as highlighted by the recent fake eGovPH hack post.
CICC Executive Director Alexander K. Ramos revealed that the alleged eGovPH data breach in the Breach Forums is nothing more than a fake hacking claim.
“The Breach Forums user named GR3GGM3RC3R we are investigating who claimed to hack the eGovPH app is a scammer and not a real hacker. He’s attempting to defraud forum members by falsely claiming possession of sensitive data,” Ramos said.
DICT Undersecretary for E-Government David Almirol, who heads the development of the eGovPH app, assured the public that the eGovPH app is fortified with multiple security measures, guaranteeing its safety.
“Aside from the encryption and eGovChain security of the eGovPH app, we also have an attached key for each data, which is an additional security measure,” Almirol explained. “If someone claims they have hacked the system but cannot provide the key, their claim is false,” Almirol added.
Breach Forums is an infamous dark web platform that has gained notoriety as a hub for cybercriminals and hackers to trade stolen data and illicit digital goods. Often operating in the shadows of the dark web or through anonymized platforms, Breach Forums facilitates the sale of sensitive information such as personal identities, financial details, and corporate data obtained through cyberattacks, phishing campaigns, or ransomware operations. This marketplace enables cybercriminals to profit from their illegal activities, contributing to a dangerous ecosystem of data breaches and identity theft.
Ramos said they received information that the Breach Forums user GR3GGM3RC3R they are investigating has been banned for scamming. “Using an anonymizer, some concerned users contacted the account holder to request sample data to verify the alleged eGovPH breach. However, the scammer could not provide the requested evidence, exposing the claim as a hoax,” Ramos said.
“With concerned users reporting this incident to the platform, Breach Forums permanently banned the fake hacker GR3GGM3RC3R to prevent him from deceiving others with non-existent data. Known for extorting Bitcoin payments by leveraging fraudulent claims, this scammer modus operandi involves intimidating victims by alleging access to personal information, often obtained from dubious or fabricated sources,” Ramos added.
Almirol said that Breach Forums thrives on enabling illegal activities but paradoxically enforces its code of conduct to preserve credibility and functionality.
“We are coordinating with the CICC as the Breach Forums’ existence in the dark web underscores the critical need for strong cybersecurity measures, international cooperation to combat such platforms, and the broader cybercrime ecosystem they support,” Almirol said.
The Philippine cybersecurity group Deep Web Konek reported on its blog the fake data breach claim posted on Breach Forums by the now-banned user GR3GGM3RC3R, sparking concerns in the cybersecurity community.