Following the discovery of serious privacy and security breaches in the 1SAMBAYAN (1Sama Ako) membership app last weekend, a statement on the 1Sama Ako data breach was released by Fr. Armin Luistro, FSC, 1SAMBAYAN Coordinator / Head of Membership Committee.
According to Fr. Armin, upon receiving the information related to the data breach on Saturday, June 12, 2021, the system was immediately put into maintenance mode to prevent further access to their data. He added that the culprit was the API (Application Programming Interface) used for the latest version of the app and that it had already been fixed. The former DepEd secretary also said the ‘hacker’ (the guy who disclosed the data breach through Manila Bulletin’s tech news editor Art Samaniego) was a professional with malicious intent.
I tried installing the 1Sama Ako app on my aftermarket Android device on Monday afternoon, but the registration / account creation page no longer works correctly. The app was created by a certain Creative Synergy, Inc. (whose website defaults to a non-HTTPS version), the same people behind the social distancing app Too Close, the FMA app – Know Your Rights and the V4Leni application. Google search points to Vicente “Enteng” Romano III as CEO of Creative Synergy, Inc. Romano served as Under Secretary of Tourism during the last Aquino administration. He resigned after assuming responsibility for the “Pilipinas Kay Ganda” controversy.
In the same statement, 1SAMBAYAN asked interested volunteers to download the membership application form from their website, https://1sambayan.org, with instructions for sending the completed forms to an email address.
This archaic approach to encouraging volunteer registrations made me wonder whether the IT people behind the coalition had considered using Google Forms or Microsoft Forms instead of asking people to download an Excel spreadsheet, fill it out, and send it back to them by email. Didn’t they think this might be more of a potential cybersecurity nightmare on their part?
My opinion on the 1SAMBAYAN website
First and foremost, this is not political on my part. I have great respect for some of the people behind the coalition. This is part of my advocacy to promote privacy, security and safety online.
While browsing the 1SAMBAYAN website (or any website), the first thing I check is what the EFF Privacy Badger (install it as an add-on in your favorite web browser) has blocked. For this site, it blocked one (1) potential tracker – Google Analytics.
Whoever is the Acting Data Protection Officer (DPO) of 1SAMBAYAN should ensure that website visitors, especially those who will be filling out the membership application form, are told what types of data are collected, processed and stored, and for what valid purpose the current data collection is being done.
All the best to our friends from 1SAMBAYAN.