Change your passwords, now
Local hacking collective Pinoy LulzSec has announced that it has managed to breach the servers of Cebu Pacific via their GetGo portal yesterday evening.
While it’s not clear what data the hackers managed to collect, they made a promise via Twitter that a “large data breach was coming from GetGo to CebPac”.
Large Databreach Coming 🙂 From GetGo to CebPac <3 Active Directory is lyf.
Hello @CebuPacificAir ;*https://t.co/6MaH66oPfn
[+] Mirror [+]https://t.co/6nxS92inra
~kangk0ng pic.twitter.com/sjUyHU1ymR
— Pinoy LulzSec (@PinoyLulzSec__) April 24, 2019
Cebu Pacific has confirmed that there was unauthorized access to a GetGo application server last night and that the server has been secured.
While preliminary investigation on the breach is still on-going, the company said that no credit card information was stored in the server, and they have temporarily disabled log-in using GetGo credentials to the cebupacificair.com website and mobile app, both of which remain secure. The National Privacy Commission has been informed of the breach and the company is working with them on the investigation.
There’s no word yet on the extent of the server breach, but like with any incident like this it’s a good idea to immediately change your passwords if you have a habit of recycling and reusing them.