Cebu Pacific Air’s rewards program GetGo was hacked earlier today by Pinoy LulzSec. In a statement released on their official Twitter account, the notorious hacking group warned that a “large data breach is coming”.
Led by kangk0ng, Pinoy LulzSec defaced the webapi subdomain of GetGo and hinted that they managed to access the active directory of the organization including its parent company – the low-cost airline Cebu Pacific.
GetGo was quick to take down the defaced page but the group secured a mirror copy as evidence of their attack.
As of this writing, Pinoy LulzSec has yet to announce when are they going to release more details about the supposed ‘data breach’.
The group also tagged the National Privacy Commission’s (NPC) official Twitter account to call the airline’s attention and issue a breach notification.
This article will be updated as soon as we get new developments about this news.
April 25, 2019 – Cebu Pacific Air released an advisory confirming the unauthorized access that happened in their GetGo application server. The said compromised server does not contain any credit card information. The company has since applied the necessary security measures.
April 25, 2019 – NPC also released a press statement detailing the initial reports sent by Cebu Pacific to their office.