COMELEC Database Hacked: What To Do To Protect Yourself

[Updated version; as of 22:57 H, 2016-04-22] What To Do To Protect Yourself If Your Personal Info Is Compromised Due to the Recent COMELEC Database Hacking Incident "Your personal data is out... now what? My friends and I have been compiling a list of things that you may do to protect yourself from identity theft. Feel free to share with your friends as well." - Jon Limjap You probably know by now that your personal data has been compromised when COMELEC's voter database has been hacked and stolen. Some people have confirmed that their personal data has been compromised by the website (wehaveyourdata.com), but PLEASE REFRAIN from using this site as you may expose yourself to further risk. [As of 10pm, April 22, the website wehaveyourdata.com has been confirmed to be offline/unreachable. The domain name's server DNS address could not be found.] [The Commission on Elections says the United States Of America Department of Justice helped in taking down the website that leaked voters' data. US aids Philippines in containing data leak - Rappler] A variety of personal data is included in the site: full legal name including your mother's maiden last name, full birthdate, permanent addresses, and even the image of your fingerprints. OFWs are even more adversely affected as it contains passport information and their address abroad. All of these information can be used against you in the form of identity theft. WHAT SHOULD YOU EXPECT? If your personal information is compromised, here are the possible things that might possibly happen to you:

• Credit card fraud thru over the phone or online purchases with assistance from your credit card company by providing personal details
• Access to your bank accounts and information by providing your personal details - Receive phishing e-mails coming from individuals or institutions identifying itself as a bank asking information of password or PIN reset
• Take over your email and social media accounts (Facebook, Instagram, Twitter, etc) by requesting a request password
• Receive phishing e-mails coming from individuals or institutions identifying itself as a bank asking information of password or pin reset.
• Email reset request with links
• You will probably get notices from COMELEC or NBI or any other government or organizations such as banks asking you to check if your name is included in the stolen database.

HOW DO YOU PROTECT YOURSELF? These are the things you can do to protect yourself:

• Change all your passwords, with a unique password for each online account
• Use password management applications such as 1Password or Passkeeper
• Change your forgot password secret question and answer making sure to avoid using "Mother's Maiden Name" as your secret question and answer
• Use two-factor authentication for all your online banking accounts. If possible, avoid using your cellphone number and use mobile applications and/or physical security devices for two-factor authentication
• Do not respond to calls from anyone asking you for your personal information, especially your full name, address, and mother's maiden name. Only provide such information if you've called your bank yourself, and as much as possible limit these interactions.
• Do not follow links received via email, especially those asking you to input your password, or answer questions with personal information. Only provide such information if you've personally opened an online banking website yourself
• Be weary of notices from government, organizations like banks verifying about your personal information
• Do not open email attachments from email addresses that you don't know and expect, especially when the files are in HTML, ZIP, JPG, DCOM, RAR, JAR, TGZ, TAR, JS, and APK format.

This list is by no means complete, so always remember to be vigilant, and in the event of suspicious activity immediately contact the help desk of the online service or financial institution you are subscribed to. UPDATES: Edits have been made pointing out the following:

1. Adding details of the kind of information compromised and adding a final warning.
2. Adding more detail on the risk faced by OFWs.
3. Adding a warning that using the aforementioned website exposes users to more security risk
4. Adding more formats to the list of dangerous attachment types.

As published on the ProtectPinas Facebook Group; Written by Jon Limjap, Milo Pacamara and compiled by Humprey Cogay and Toto Gamboa. #COMELECDataBreach #COMELECDataLeak #COMELeak Related:

• After Comelec data leak, what to do to protect yourself? [Rappler]
• Comelec data leak: How to protect yourself [ABS-CBN News]
• How to deal with leak of Comelec data, according to ICT rights group [GMA News Online]
• Website leaks Philippine voter data [Rappler]
• Experts fear identity theft, scams due to Comelec leak [Rappler]
• Philippine electoral records breached in 'largest ever' government hack [The Guardian]
• Fresh grad, 23, admits hacking Comelec site (3rd Update) [Rappler]
• Philippines arrests tech graduate suspected of hacking poll body's website [Reuters]
• Comelec hacker arrested [Manila Bulletin]
• *LOL* Comelec hacker arrested, asks NBI chief for a selfie [Inquirer.net]

Bonus: Apparently, someone was seen allegedly seeding the Internet with copies of the data breach file via the mail server(s) of Malacanang, the Presidential Palace itself! As Marnie Tonson says; "Now WHO's the IDIOT from Malacañang SEEDING the internet with the private information of registered voters from the ?#?COMELEAK? large-scale data breach??" "N.b., for non-Filipino readers of this status post, Malacañan Palace is where the President of the Republic of the Philippines resides and holds office."

Maybe somebody downloaded/torrented a copy and then forgot to turn it off or unshare it. Related Link: Netizens report: Malacañang torrenting copy of leaked Comelec data? [GMA News Online]