Website claims: Registered voters' sensitive data easily searchable

Metro Manila (CNN Philippines) — A website called wehaveyourdata claimed it carries the sensitive data — such as full name, complete address, and passport number — of at least 70 million registered Filipino voters.

Last March, the website of the Commission on Elections (Comelec) was hacked by Anonymous Philippines. Hours later, a Facebook user named Lulzsec Pilipinas claimed to possess Comelec's leaked database and posted the mirror links on Facebook.

The links posted by Lulzsec Pilipinas was mostly in codes and could not be easily understood by a person with no knowledge in information technology (IT), but wehaveyourdata just made it easier for registered Filipino voters' data to be available to anyone with internet access.

Related: 55M Filipino voters open to fraud after Comelec hack – int'l tech security firm

The website's homescreen contains three search fields asking for a person's given name, surname, and mother's maiden name. You can opt to only enter two fields, such as a person's first name and last name, and it will give you choices of people listed under the name.

It will then lead to a treasure trove for identity thieves and scammers: the registered voter's full name, birthdate, fingerprint information, parents' full name, the complete address of residence, passport number, and more.

CNN Philippines tried to search for information of some registered voters; some results came out accurate (with complete address), outdated, inaccurate (with wrong barangay), while some rendered no results.

The site credited Lulzsec Pilipinas, saying it was able to copy all the leaked data which was posted by Lulzsec Pilipinas on website archive.org.

The Comelec has information on registered voters’ names, addresses, birth dates, and in some cases — email addresses and passport numbers.

The poll body has yet to confirm whether the leaked data are indeed from its database.

'Continuing attack on privacy' – Comelec

Comelec spokesperson James Jimenez issued a statement via Twitter on Thursday, advising the public not to use the site as it can be used by the hackers to steal information and further expose them to identity theft.

"The Comelec has not yet verified the accuracy of the data the hackers claim to have copied and the investigation [by the National Bureau of Investigation Cybercrime Division] is ongoing," said the statement.

Jimenez ended the statement with an apology, "I apologize for this continuing attack on your privacy and assure the public that the Comelec is doing everything we can to resolve this matter the soonest possible."

Jimenez said the poll body is going after the website and doing all it can to shut down the site.

"We're doing everything we can to take down the site. We know how frightening this is and we are intent on making it right," he responded to a concerned netizen. 

Meanwhile, Comelec Commissioner Rowena Guanzon said on Thursday the poll body is looking into who should be accountable for the data breach.

"I don’t know if heads should roll but I think that we have called the head of the ITD [Information Technology Department]. To explain why this happened and what do they intend to do to make our website more secure."

She also made an appeal to the hackers.

"Kaya sabi ko nga po, tama na 'yan, mga anak. Sige na, you na, ikaw na yun. Genius na kayo. Tama na. Huwag niyo na kami i-hack ulit. Mag-eeleksyon na."

[Translation: We get it, you're geniuses. Do not hack us again; it is almost election day.]

It is barely three weeks to go before election day (May 9).

How to protect yourself

If you are one of those whose accurate information is readily available on wehaveyourdata, Jimenez gave a few tips on how to protect yourself from scammers.

He urged the public to change their email passwords and contact their credit card company to tell them their personal information may have been compromised due to the data leak.

CNN Philippines correspondent JC Gotinga contributed to this report.