PLDT: No record of data being downloaded from company's support account

While hackers could have hypothetically grabbed data from PLDT's support Twitter account, the company says there's no record of customer data being downloaded from it

by
https://assets.rappler.com/612F469A6EA84F6BAE882D2B94A4B421/img/55A448838957437D84173C6478676A18/pldt-fiber-boost-20200313_55A448838957437D84173C6478676A18.jpg

MANILA, Philippines – PLDT said on Friday, May 29, it had concluded an investigation by the company's Cyber Security Operations group on its hijacked Twitter support account PLDT_Cares, finding no record of customer data being downloaded or exfiltrated from it.

On Thursday, May 28, PLDT's support account, PLDT_Cares, was taken over temporarily by a group claiming to be Anonymous Philippines.

The takeover meant the hackers could post as PLDT_Cares on Twitter, while also having access to direct messages on the account.

Under the circumstances, this also meant the hackers would have had access to all the details on the various direct messages sent to the account over time, and could hypothetically grab details they wanted if they so chose. To provide assistance, the PLDT_Cares Twitter account may ask customers to provide details such as account name, account number, and when possible, a service reference number through direct messaging.

In a statement Friday, PLDT said "a thorough investigation conducted by our Cyber Security Operations group has shown that there is no record of customer data download or exfiltration from the @PLDT_Cares Twitter account."

The company added it would "communicate these findings to the National Privacy Commission as well." – Rappler.com