Hackers Get 70M Filipinos’ Voter Data, Make Search Engine

One of the biggest hacks in history is now easy to browse

Illustration: Vocativ
Apr 21, 2016 at 1:28 PM ET

Hacked information on tens of millions of Filipino voters has become completely exposed, thanks to an anonymous new search engine.

A group called Lulzsec Pilipinas—a name that’s a nod to Lulzsec, an Anonymous-spinoff hacker group that wreaked havoc in 2011, claiming responsibility for the Sony email hack—hacked a huge Philippine government database in March. Now a different party has uploaded the hacking information and made it extremely easy to search for identifying information on a huge swath of the Filipino population—approximately 70 million voters’ information, by the site’s claim.

The contents of that search engine come from the Philippines Commission on Elections (COMELEC), which maintains a huge database of voter data. Lulzsec Pilipinas breached that database in March, and at the time made the information available as an enormous torrent file, available for any interested hacker or researcher, but difficult for everyday users to access.

Now, with the creation of the search engine, this information is far more accessible. After entering a person’s full name, a visitor can see their birthday, birth location, current address, marital status, parents’ names, passport information, vehicle information number and citizenship information. If the individual is registered to vote from abroad, their foreign address is also available. COMELEC also records voters’ fingerprints when they register. Fingerprint data is not available in the search engine, though it may be in the raw, dumped data.

A number of registered Filipino voters confirmed to Vocativ that they or their family members are in the searchable database. Two said that they, as individuals, were not. “I’m worried and upset for my dad’s information being publicly available because of possible identity theft issues,” one Filipina woman living in Muntinlupa City told Vocativ. “His name is frequently used for a lot of our government and banking transactions and the fact that even the address (right down to the very number of the house) [is available] means that privacy has gone completely out the window.”

“My husband opened the link, he found both our names,” another Filipina woman told Vocativ. “I’m upset mostly because it stated our home address. And that’s just creepy.”

In a previous chat conversation with Vocativ, using a since-deleted Facebook account, a member of Lulzsec Pilipinas said that, “We did this to show them what we are capable of. We just want a clean and honest election process.”

COMELEC spokesperson James Jimenez, in a statement posted to Twitter, said that the country’s National Bureau of Investigation CyberCrimes division was investigating the hack and search engine, and that it had arrested one of the hackers involved. Messages to Lulzsec Pilipinas through other channels were not immediately returned.

The creator of the site told Vocativ that its contents should be seen as a lesson. “To government: protect your citizens’ data. You spend a ton of money on building systems like this, pay a few grand to a security auditor. To citizens: your data is never safe. Don’t share it without a real need.”

The Philippines’s next presidential election is scheduled for May 9.