Kingdom of Jesus Christ Website Breached, Thousands of Member Records Allegedly Exposed
The official website of the Kingdom of Jesus Christ, the religious organization founded by televangelist Apollo C. Quiboloy, has reportedly been compromised following a cyberattack attributed to the threat actor known as 4HmD0s4. The incident surfaced after the website was defaced with a political message, alongside the circulation of backend database files allegedly linked to the organization’s web infrastructure.
As of this time, the team’s analysis has verified approximately 15,000 individual records contained in a CSV file believed to be part of the leaked data. However, indicators within the database structure suggest that the total volume of exposed records may be significantly larger, potentially affecting more individuals connected to the organization’s online platforms.
The reviewed dataset shows that the compromised information originated from website-based forms used for online mass prayers, member engagement, and supporter interactions. The exposed fields include first names, last names, email addresses, mobile or SMS contact numbers, and country of residence. A consent-related field, labeled “acceptance correctinfo,” is also present, indicating whether users agreed to information or data policies at the time of submission.
https://iili.io/ftNmaN2.png
https://iili.io/ftNmIPn.jpg
In addition to personal details, the leaked records include system and activity metadata, such as system identifiers, source and screen references, and timestamps showing when records were created or last updated. The team note that this metadata may allow attackers to profile user behavior, identify highly active participants, and distinguish recurring contributors from casual site visitors.
The structure and formatting of the data suggest that the attackers may have gained access to backend systems, rather than performing a simple website defacement. The organized nature of the records is consistent with data generated by form-handling plugins commonly used in WordPress-based websites. There is currently no public indication that the exposed information was encrypted or otherwise protected.
The exposure of personal contact details combined with engagement-related metadata places affected individuals at risk of phishing attempts, impersonation schemes, donation-related fraud, and targeted harassment. Some of the affected users were reportedly regular participants in online mass prayers, with several identified as active supporters, increasing the likelihood of tailored social engineering attacks.
The reported breach comes amid ongoing legal developments involving Apollo Quiboloy, founder and leader of the Kingdom of Jesus Christ. In the Philippines, Quiboloy faces multiple criminal cases involving allegations of human trafficking, sexual abuse, and labor exploitation which Philippine authorities have confirmed his arrest in connection with these cases.
In the United States, Quiboloy is also listed on the Federal Bureau of Investigation’s wanted list, facing charges including conspiracy and sex trafficking. These cases have intensified international scrutiny of organizations associated with him, including the Kingdom of Jesus Christ’s online presence and data-handling practices.
As of publication, the Kingdom of Jesus Christ has not released an official statement confirming the breach or detailing remediation measures. It is also unclear whether affected individuals have been formally notified or whether data privacy regulators have been engaged.
Further validation is ongoing to determine the full scope of the exposed data, the authenticity of additional files circulating online, and whether systems beyond the public-facing website were impacted.
