The National Privacy Commission says private data on 3.3 million users of Cashalo mobile app have been hacked and sold online
Users of cash-loaning mobile app "Cashalo" may have had their data sold online, according to privacy commission.
THE National Privacy Commission (NPC) has warned users of cash-loaning mobile application "Cashalo," saying their private data might have been hacked and illegally sold online.
In a statement, Roren Marie Chin, chief of Public Information and Assistance Division of the NPC, said a "data dump" on Cashalo users has been has been posted on different cyber forums since February 14.
The data dump consists of usernames, passwords, e-mail addresses, phone numbers and device identifications of 3.3 million Cashalo users, Chin added.
The NPC added that the leaked data had been uploaded on two websites, Cybleinc and RadiForums, which has since been taken down.
Cashalo, operated by Oriente Express Techsystem Corporation, purportedly aims to solve the problem of "financial exclusion" for underbanked sectors through a mobile app where users could easily avail loans.
The NPC has reached out to Cashalo through their data protection officer to coordinate on the breach and required them to provide additional information.
Cashalo said its IT security team discovered on Friday last week a potential data breach involving its database archive and assured its users that their accounts and passwords are encrypted and have not been compromised. (JV)