Over the weekend, reports spread across social media claiming that a dark web seller was offering millions of GCash user records, including eKYC information and linked bank accounts.
But the company, arguably the country’s largest mobile wallet provider, moved quickly to respond, saying that its systems remain secure and that no breach had taken place.
On October 25, a dark web user under the handle “Oversleep8351” posted what was described as a massive cache of data allegedly belonging to G-Xchange, Inc., the operator of GCash.
The listing claimed to contain information from both merchant and basic accounts, covering transactions and registrations from 2019 to October 2025.
According to the post, the dataset included GCash account numbers, linked financial accounts, and verified eKYC details such as names, addresses, and employment records.
The seller claimed that the collection spanned about seven to eight million users and offered it in bundles ranging from US$700 for 20,000 users to US$25,000 for the full database.
Cybersecurity monitoring group Deep Web Konek was among the first to flag the post, and the National Privacy Commission (NPC) confirmed that it had launched an investigation.
The agency said its Complaints and Investigation Division issued a Notice to Explain to G-Xchange and has scheduled a clarificatory conference to gather more information.


GCash Pushes Back on the Data Leak Claims
GCash later issued a statement to InsiderPH saying that an internal forensic probe found no evidence of a data breach.
The company explained that the dataset circulating online did not match its internal data structure and that several entries appeared to include people who are not GCash users.
“Initial findings show that the alleged dataset does not match the data structure used within GCash systems,” the company said. “Further analysis reveals that it includes individuals who are not GCash users, and that many entries appear incomplete, inconsistent, or invalid.”
GCash emphasised that customer accounts and funds remain secure.
It also said that it is working closely with the Bangko Sentral ng Pilipinas (BSP), the National Privacy Commission, and the Cybercrime Investigation and Coordinating Center (CICC) to validate the claims and to ensure that its infrastructure stays protected.
The company also reminded users to report any suspicious activity only through official channels such as the GCash Help Center or its in-app chatbot, Gigi.
“We urge users to remain vigilant and to report any suspicious activity only through official GCash channels,” it said.
Authorities Are Taking a Closer Look
In its own advisory, the NPC confirmed that it had opened an investigation after learning of the dark web post.
The agency warned that if proven authentic, the data leak could expose millions of Filipinos to identity theft, phishing, and other financial risks due to the inclusion of verified eKYC records.
The privacy body advised users to regularly update their passwords and MPINs, enable all available security features, and remain cautious of potential phishing attempts.
As of October 27, G-Xchange had not filed an official breach notification, which the NPC noted as part of its ongoing probe.
High Stakes for GCash as It Prepares to Go Public
The timing of this alleged leak could not have been more delicate. GCash’s parent company, Globe Fintech Innovations, Inc. (Mynt), is preparing for a much-anticipated public listing that could value the fintech at more than US$8 billion.
Market observers have described the IPO as a milestone moment for the Philippine startup ecosystem, one that could put the country on the regional fintech map.
But according to recent reports, GCash has decided to delay its initial public offering to the second half of 2026, citing weak market sentiment and a 17% decline in the Philippine Stock Exchange Index over the past year.
For a company that serves over 94 million Filipinos and plays a central role in the nation’s digital payments ecosystem, public confidence remains crucial.
For now, GCash stands by its statement that no data breach has been found and that all customer information remains secure.
Featured image: Edited by Fintech News Philippines based on an image by p_prakash via Freepik.



