Alleged LMS Data Breach Exposes UP Tacloban Students’ Information

By: UndeciDev | Team Member A threat actor using the alias “jamesyu” has claimed to be selling data from the Learning Management System (LMS) of a prestigious university in the Philippines. The post advertised access to sensitive student information, including full names, e-mail addresses, degree programs, city locations, interests, and even profile pictures. According to the actor, the dataset can also be leveraged to generate institutional e-mails by following a strict format. Further communication with the threat actor revealed that sample data was provided for verification, and the actor asserted the dataset contained more than 1,600 rows. An analysis of this data indicates that the breach involves the LMS platform of the University of the Philippines (UP) Tacloban. The exposed information includes student names, official university e-mail addresses under the @up.edu.ph domain, degree programs, department affiliations, and profile image links hosted directly on the official LMS domain (lms.uptacloban.edu.ph). Examples from the dataset show records of students from BA Psychology and BA (Social Sciences) Political Science programs, with entries reflecting Tacloban City and Balangiga as listed locations. If confirmed, this breach would represent a serious privacy risk for students whose academic and personal details are exposed online, with potential implications for phishing, identity misuse, or unauthorized account access. As of now, there has been no official statement from the university regarding the alleged breach.

Other contents

New Home For Deep Web Konek

New Home For Deep Web Konek

House of Representatives Website Defaced, Attackers Post Anti-Corruption Message

House of Representatives Website Defaced, Attackers Post Anti-Corruption Message

Philippine Army Fitness System Breach Exposed by DeathNote Hackers Member “Klammer”

Philippine Army Fitness System Breach Exposed by DeathNote Hackers Member “Klammer”

Senate Website Hit by Second Apparent Defacement, Threat Actor SentinelX Claims Responsibility

Senate Website Hit by Second Apparent Defacement, Threat Actor SentinelX Claims Responsibility

Viva Communications Allegedly Suffers Data Breach, 10GB of Internal Documents Claimed Leaked

Viva Communications Allegedly Suffers Data Breach, 10GB of Internal Documents Claimed Leaked

Philippine Government Joins Have I Been Pwned to Strengthen Cybersecurity Monitoring

Philippine Government Joins Have I Been Pwned to Strengthen Cybersecurity Monitoring

Nearly 1M DepEd Records Allegedly Exposed in Training Platform Breach, Claimed by NullSec Philippines

Nearly 1M DepEd Records Allegedly Exposed in Training Platform Breach, Claimed by NullSec Philippines

Philippine Drug Enforcement Agency Data Breached; Threat Actor Issues 48-Hour Ultimatum

Philippine Drug Enforcement Agency Data Breached; Threat Actor Issues 48-Hour Ultimatum

Alleged 13-Million Philippine Data Leak Emerges, Retail and Payment Ecosystem Under Investigation

Alleged 13-Million Philippine Data Leak Emerges, Retail and Payment Ecosystem Under Investigation

Multiple Fast Food Chains, Government Entities Potentially Exposed in Large-Scale Supply Chain Breach

Multiple Fast Food Chains, Government Entities Potentially Exposed in Large-Scale Supply Chain Breach