Information on 3.3 million users of a mobile lending platform were found for sale in the dark web after a data breach last month, privacy regulators said.
Usernames, passwords, email addresses, phone numbers and other information from Cashalo, the lending platform, were being sold by username “creepxploit” based on the initial investigation of the National Privacy Commission.
The watchdog’s preliminary findings were in direct contrast with that of Cashalo, which reported that no account has been compromised by a data breach last February 18.
The privacy body said, “The user may have successfully downloaded files from the database of the application, [which was still up for selling as of] February 22.”
In fact, the infiltration of personal information was so extensive that the vendor even provided sample data to prospective buyers of the information, a direct threat to the privacy of the individuals who used the Cashalo service.