Filipino credit app Cashalo suffers data breach

A data breach at a Filipino credit company has exposed customers’ sensitive personal details.

Cashalo, a fintech company offering cash loans and other financial services to customers in the Philippines, confirmed that “illegal access” of a database has resulted in the leak of some personally identifiable information.

Exposed details include the names, email addresses, phone numbers, device IDs, and passwords of customers.

Cashalo stressed that passwords were encrypted and said that no accounts were compromised as a result of the data breach.

It isn’t yet clear how many customers were affected by the incident.

Unauthorized access

The unauthorized access was discovered on February 18 during routine “proactive monitoring”, said Cashalo.

A statement reads: “We immediately took the system offline, commenced investigations, self-reported it to the Philippines’ National Privacy Commission, and took a number of steps to review and enhance our security measures.”

Customers affected by the incident will be notified directly either via email or in-app message, Cashalo said.

“As a precaution, we encourage customers to change their password,” the company advised.

“Please also continue to be on the alert for spam emails requesting personal or other sensitive information, as well as any unusual activity.

“Cashalo does not request customers to give their password information over email or phone.”

The Daily Swig has reached out to Cashalo for further information and will update this article accordingly.

Source: https://portswigger.net/daily-swig/filipino-credit-app-cashalo-suffers-data-breach