No customer data hacked, says Globe

Message from hacktivist group BloodSec International. Screencap from the group’s website.

MANILA, Philippines—Globe Telecom said on Friday that no customer data was compromised during a Nov. 27 hacking incident by an alleged hacker activist group called Blood Security Hackers.

Globe said the incident mainly involved the defacement of four of its websites hosted by a third-party vendor Movent at around 10 p.m. The hacking group claimed that its actions were motivated by what it described as Internet services “not worthy of [ what] we pay for.”

The affected websites are mybusiness.globe.com.ph, duo.globe.com.ph, payroll.globe.csme.com and update.globe-csme.com. These have been taken down immediately so the company can conduct the appropriate security checks, Globe said in a statement.

“Globe assured its customers that no critical customer data had been compromised as this information is not stored in the affected websites,” it said.

“The said websites are used for advertising and marketing purposes only and are not connected to any of the private internal customer systems. Globe also said that its own Globe-hosted websites were not compromised,” it added.

Globe added that the server where the four websites are hosted are managed by a third-party partner and outside of the Globe Corporate and Enterprise Network, where appropriate preventive and detective controls are in place.

The attack is isolated on their end and was brought about by an unpatched vulnerability which is currently being addressed, Globe said.

“Rest assured, our security incident response teams are currently investigating and conducting forensics in various areas to make sure that the incident is properly managed,” Globe Chief Information Security Officer Anton Bonifacio said.

RELATED STORY

Globe website hacked due to ‘poor internet connection service’