Jollibee Internal Portal Breach Exposes Thousands of Corporate Files
A data breach involving an internal portal of Jollibee Foods Corporation has surfaced on an underground forum, where a newly registered threat actor identified as “glep” claimed unauthorized access to their internal portal. The actor reportedly extracted a structured dataset consisting of 5,915 internal files, amounting to approximately 2.7GB compressed (2.9GB extracted), and made it available within the forum.
https://iili.io/qtVaP5l.png
Based on initial analysis, the dataset is composed primarily of PDF documents, alongside several HTML files believed to be system-generated templates or exported data from internal tools. The structure and consistency of the files suggest that the source is a centralized internal repository used for operational management, documentation, and corporate coordination across multiple business units.
The exposed materials include a wide range of internal content such as store operation memos, company policies, compliance and audit guidelines, crew training manuals, and assessment documents. Additionally, several portion of the dataset is tied to marketing operations under Marketing-in-Charge covering promotional campaigns, rollout strategies, and execution materials across different regions and time periods. File naming conventions indicate multi-year coverage, reflecting ongoing operational and marketing activities within the organization.
https://iili.io/qtVatse.png
https://iili.io/qtVaQz7.png
Of particular concern is the reported presence of enrollment tokens (enroll tokens) within the dataset, which may be associated with internal authentication or onboarding systems. While the validity and current usability of these tokens remain unverified, their exposure introduces potential risks if not properly invalidated. Furthermore, the inclusion of HTML-based files suggests that portions of the dataset may provide insight into internal system structures or interfaces, extending the impact beyond static document leakage.
At this stage, there is no confirmed evidence of customer or payment data exposure. However, the nature of the compromised files presents notable risks, particularly in enabling social engineering, impersonation of internal communications, and targeted attacks against employees or operational units. The availability of detailed internal workflows and corporate processes may also aid threat actors in identifying systemic weaknesses.
The exact method of compromise remains unclear, though the incident points toward a likely an infostealer or inadequate access control within the affected subdomain or internal portal. Such exposures are commonly associated with improperly secured endpoints or repositories that are inadvertently made accessible without sufficient authentication safeguards.
As of writing, Jollibee Foods Corporation has not issued an official statement regarding the incident. The full extent of the breach, including potential internal impact and remediation efforts, is yet to be disclosed.
