Here’s What Happened During the November 9 GCash Incident

Here’s What Happened During the November 9 GCash Incident

GCash faced a significant issue last November 9 when multiple users reported unauthorized transactions, most of which involved Php 2,000. The BSP has already urged GCash to resolve the issue and return the lost funds to affected users, and GCash has explained to ABS-CBN News what really happened.

GCash VP for Corporate Communications and Public Affairs Gilda Maquilan explained that the glitch started at 11 pm on November 8 when they noticed a spike in the use of GCash’s Send Ang Pao, which allowed users to send money to multiple users for gift-giving.

“‘Pag nagsend ka po ng Ang Pao na pang-regalo ito po ay papasok sa tinatawag na temporary wallet. Pagka ito ay na-receive lang po o nagpasalamat yung recipient, yung nakatanggap ng aguinaldo, saka lang po ito malalapit sa wallet niya,” Maquilan explained. “So nakita po namin ‘yan na hindi pa naman Pasko, hindi naman Chinese New Year, eh bakit tumataas ang ating transaction po dyan?”

From there, they started receiving complaints from Gcash users in the wee hours of the morning on November 9, Saturday, where they said that there were Send Ang Pao transactions on their accounts when they did not send any money. This prompted GCash to shut off the feature and conduct an investigation on the said product issue.

In their investigation, Maquilan ruled out allegations of phishing, data breach, and account takeover, and returned the money to affected users within 24 hours. Following the incident, Maquilan said that GCash reported it to the BSP immediately and voluntarily gave updates to the DICT and CICC.

Despite the incident, Maquilan assures the public that GCash remains to be safe.

2 Comments

  • Karlo , November 14, 2024

    I hope investigation by BSP and others shed more light on how much we can really trust GCash security.

    Something that investigators should look into: who are the *recipients* of the transferred funds and what were their actions after receiving them?

    A system glitch would look something like:
    – random recipients.
    – recipients are related to victims, such as having transferred to them before or in their phonebooks.
    – recipients are system/test accounts identified by GCash.
    – recipients reported unexpected funds, funds stayed in their accounts.

    A security breach might look something like:
    – the same, or a few, recipients.
    – common recipients among unrelated victims.
    – recipients tried to exit funds from their accounts.

    We expect GCash to have KYC info on the recipients and BSP should be able to verify this.

    Whether or not the money was returned to victims’ account is a separate concern because, of course, GCash can give funds to victims and write off any exited funds as a business loss.

  • Roel Cuizon , November 15, 2024

    Walang hiya kayo gcash! Na scam 89k ko. Nag reklamo Ako sa inyo at di na daw makuha pera ko! Kalukuhan! Bakitbsi nyo Sabihin Ang details Ng gcash number kung saan nalipat Ang pera ko? Paano nyo nakuha pera ko?

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest News

Latest Reviews

Best Phones in the Philippines

Best Guides

Recent Posts