Proud Makatizen is an official website from the city of Makati, Philippines.
Proud Makatizen had misconfigured an Amazon Web Services S3 bucket, exposing just over 620,000 files stored within.
The files included photos of ID cards, as well as private medical and financial information.
Data Breach Summary
What is Proud Makatizen?
More recently, the site also started providing information about, and forms to sign up for vaccinations.
Makatizen eWallet and GCash were two terms we saw come up often in files from the data breach.
Leaked image of a US citizen’s passport, a resident of The Philippines
Makatizen eWallet is a digital wallet system which Makati city encourages residents to use.
GCash is the service often used to make payments to and from this Makatizen eWallet.
But rare are these times.
Leaked image of a US citizen’s passport, a resident of The Philippines
We often need days of investigation before we understand whats at stake or whos exposing the data.
Understanding a breach and its potential impact takes careful attention and time.
We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research or playing down its impact.
So, we need to be thorough andmake sure everything we find is correct and accurate.
S3 buckets are a popular enterprise cloud storage solution.
They replied quickly and asked us to provide more information.
We disclosed the URL leading to the unsecured server and provided further detail about what it contained.
This could expose users to identity theft and fraud.
The documents seen in the breach included prescriptions and physicians letters explaining the details of the users medical condition.
The bucket contained roughly 200,000 of these files.
Financial Documents from Companies
The bucket contained several files showing financial documents from companies in Makati.
The documents showed some of the impact which the pandemic has had on the companies.
They also showed information such as transaction dates, account numbers, and names of accounts.
Financial Documents from Residents
The bucket contained about 12,000 files showing financial information from residents of Makati.
In a phishing campaign, criminals send victims fake emails and text messages imitating real businesses and organizations.
This is a story that happens far too often.
Unfortunately, some of these services were set up in haste and were released without the necessary security precautions.
Rather, they typically occur due to mistakes made by the bucket owners themselves.
To learn about data vulnerabilities in general, read ourcomplete guide to online privacy.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.
You may also want to read ourVPN Leak Report and Data Privacy Stats Report.
Help Us Protect The Internet!
Check the Leak Box here »
c’mon, comment on how to improve this article.
