Philippine Educational Institutions’ LMS Allegedly Breached, Data for Sale on Dark Web
An alleged data breach involving several educational institutions in the Philippines has surfaced on a cybercrime forum, with sensitive information purportedly being sold. The claim, which appeared on a forum under the alias “AFish,” has raised concern due to the number of records mentioned and the schools listed as affected. However, Deep Web Konek stresses that the authenticity of the breach has not yet been confirmed and is currently under investigation.
In the forum post, the user claimed to have obtained data from a Learning Management System (LMS) covering students, teachers, school administrators, and website administrators. The information allegedly includes personal email addresses, courses, school names, student numbers, and birth dates. The seller also claimed that “non-hashed passwords” were part of the dataset, suggesting weak or insecure credential storage practices.
According to the post, the breach allegedly involves 132,037 student records, 14,145 teacher records, 41 school administrator records, and 4 website administrator records. The seller noted that while not every field is fully populated, identifiers such as full name, school name, and school year appear consistently across the data. The dataset is being offered for $60 in Monero (XMR), with the offer restricted to a single buyer. The seller also claimed to include specialized tools and a guide for anonymity and spying alongside the database.
The forum post provided a truncated list of institutions said to be affected. These include VHS Manila, Colegio San Agustin (CSA), Philippine Christian School (PCS), Notre Dame University (NDU), and Don Bosco schools, along with other schools. The inclusion of these schools has drawn immediate attention, though DWK cautions that cybercriminals frequently exaggerate, misrepresent, or recycle data to increase interest in their sales.
The seller’s reference to plaintext passwords and administrator accounts adds another layer of concern, as such details, if accurate could allow attackers to gain unauthorized access to institutional systems.
As of this writing, none of the institutions named in the forum post have issued public statements. DWK advises the public to approach the claim with caution and skepticism.
Updates will be provided as soon as more verified information becomes available.
