Report: Covid-19 portal Proud Makatizen vulnerability discovered, exposing data of over 300K Makati citizens


A vulnerability was discovered on Proud Makatizen, a Covid-19 relief portal, that exposed data of over 300,000 Makati residents.

According to a report from vpnMentor, Proud Makatizen misconfigured an Amazon Web Services (AWS) S3 bucket, which exposed 39.7GB of data composed of over 620,000 files, including photos of ID cards (that include full names, addresses, photos, nationalities, etc.) as well as private medical and financial documents and information.


vpnMentor explains that Proud Makatizen was using an AWS S3 bucket, a popular enterprise cloud storage solution, to store data collected from its users. However, the bucket's security settings were not properly implemented, which left the contents exposed and accessible to anyone with a web browser and technical skills.

vpnMentor discovered the vulnerability on March 30, 2022, and contacted the Philippines CERT (Computer Emergency Response Team) the following day. The vulnerability was fixed on April 7, 2022. The data may have been exposed for almost 2 years, from May 2020 to April 2022.

Over 300,000 Proud Makatizen users are potentially affected by the data breach, which involves over 620,000 files that included photos of ID cards, medical prescriptions, financial documents, and screenshots of bank transactions and proofs of payment. The exposure potentially opens them to identity theft and fraud, phishing and smishing scams, and more.

Needless to say, concerned parties should be wary of any suspicious SMS or calls, and avoid clicking on suspicious links in emails and text messages. For more information on how to protect yourself from smishing scams, go here.

Image Credit: Unsplash

Bryan is a tech enthusiast and self-admitted geek who enjoys writing about tech and watching clips on YouTube. He has over 20 years of experience in corporate communications, marketing services, and customer relations from different industries such as telecommunications and banking.
