Report: Covid-19 portal Proud Makatizen vulnerability discovered, exposing data of over 300K Makati citizens

A vulnerability was discovered on Proud Makatizen, a Covid-19 relief portal, that exposed data of over 300,000 Makati residents.

According to a report from vpnMentor, Proud Makatizen misconfigured an Amazon Web Services (AWS) S3 bucket, which exposed 39.7GB of data composed of over 620,000 files, including photos of ID cards (that include full names, addresses, photos, nationalities, etc.) as well as private medical and financial documents and information.

Proud Makatizen
Proud Makatizen Home Page

vpnMentor explains that Proud Makatizen was using an AWS S3 bucket, a popular enterprise cloud storage solution, to store data collected from its users. But they failed to properly implement the security settings which left the contents exposed and accessible by anyone with a web browser and technical skills.

vpnMentor discovered the vulnerability on March 30, 2022, and contacted the Philippines CERT (Computer Emergency Response Team) the following day. The vulnerability was fixed on April 7, 2022. The said data may have been exposed for almost 2 years, ranging from May 2020 to April 2022.

Over 300,000 Proud Makatizen users are potentially exposed to the data breach, involving over 620,000 files that included photos of ID cards, medical prescriptions, financial documents, and screenshots of bank transactions and proofs of payment. It potentially opens them to identity theft and fraud, phishing and smishing scams, and more.

Needless to say, concerned parties should wary of any suspicious SMS or calls, and avoid clicking on suspicious links from emails and text messages. For more information on how to protect yourself from smishing scams, go here.

Image Credit: Unsplash

Bryan is a geek at heart and a tech enthusiast by choice. He has a strong background in corporate communications, marketing services, and customer relations having worked in the telecommunications and banking sectors for over two decades. In his spare time, he enjoys watching clips on YouTube and binge watching shows on Netflix.

Write A Comment