Major telecommunications company PLDT, Inc. on Thursday said that its cyber security team is already conducting an investigation into the incident of hacking of its official Twitter account dedicated to customer service.
PLDT public affairs head Ramon Isberto disowned a tweet of the company’s Twitter account @PLDT_Cares which handles inquiries from the public, particularly subscribers of PLDT Home, the firm’s retail fixed line services offering broadband, among others.
Hackers group Anonymous Philippines on Thursday noon took over the customer service account of the telcom giant and changed its Twitter handle to “PLDT Doesn’t Care.” It posted a photo of Guy Fawkes mask, popularized by hacktivist collective Anonymous in 2008.
This mask was “immortalized in the movie ‘V for Vendetta’ and has become a global symbol of protest and anonymity,” according to The Business Insider.
The hacking group also demanded the PLDT to provide better internet at a time when most Filipinos are studying and working from home under the COVID-19 lockdown.
“As the pandemic arises, Filipinos need fast internet to communicate with their loved ones. Do your job. The corrupt fear us, the honest support us, the heroic join us. We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us,” the hackers said.
The group also tagged the Twitter account of a rival telco firm, Globe Telecom, Inc., and threatened that it was “next.”
The company didn’t respond to request for comment.
Anonymous Philippines has been involved in several hacking incidents in the past.
Its activities included hacking into Chinese government websites in protest of Beijing’s encroachment in the West Philippine Sea and defacing the Comelec‘s website to demand better security features in voting machines.
Following the hacking incident, the hashtag #PLDTHacked trended on Twitter as the hackers used it in their tweets.
Isberto denounced the tweets as “fake” and responded to the hackers’ calls for better internet by insisting that the company has made steps to improve its network during the previously-imposed enhanced community quarantine.
“PLDT provided speed boosts for its Fibr customers and Smart Communications increased data allocations for its mobile phone customers. That’s also why, despite the restraints on movement and supply chain problems, we continue to invest heavily in our network roll out for Fibr and LTE,” he said in a statement.
“As a result, our customers have been using more extensively a wide range of data and digital services that have helped them cope with life under lockdown,” Isberto added.
The company also assured its customers that the security issue “was limited only to the Twitter account” and was not able to affect its network and services.
Security concerns
In one of its tweets, Anonymous Philippines posted the supposed login information of the PLDT’s Twitter account.
The hacking incident sowed fears to some Filipinos who shared their concerns on the private customer information exchanged with the Twitter account through direct messaging.
As the primary account dedicated to customer service, @PLDT_Cares handles inquiries of all sorts from different subscribers.
It usually asks details of a customer’s account in order to fix reported issues which would include their name, home address, telephone and mobile number and an e-mail address.
“For every technical inquiry we have for @PLDT_Cares, we are providing some sensitive info. Since they’re hacked and there’s a possibility that some customer data have been exposed, is this a violation against Data Privacy Act?” a Twitter user asked.
“I don’t have a PLDT account. I’m not scared, I’m worried that information about the other people can be used in the wrong way, and you very well know how the Internet works. Scammers can pose as PLDT agents with the goldmine of information on the DMs. You never know,” another online user said.
Manila Bulletin columnist and blogger Tonyo Cruz tagged the official Twitter account of the National Privacy Commission (NPC) to make them aware of the concerns.
The government agency responded and said that it is “already looking” into the incident.
Hacking is prohibited by the Republic Act 10175 or the Cybercrime Prevention Act of 2012.
As of Thursday evening, NPC said that the telco firm has a working data protection team “that should be on top of its data breach.”
“We are awaiting their official report on the matter,” NPC privacy commissioner Raymund Liboro said in a statement.
He assured the public that the company is also required to notify its subscribers if their data has been compromised so that the public “can take the necessary measures to protect themselves against possible effects of the breach.”