SEVERAL netizens bemoaned on social media on Saturday alleged unauthorized withdrawals from their GCash accounts.
Veteran comedian Pokwang said her GCash account was drained.
“I am trying to earn an honest living and provide jobs for single mothers. Then I woke up one morning, and my GCash account was emptied,” Pokwang posted in Filipino on Instagram Saturday.
She added the withdrawals were attributed to 30 different numbers, noting the unreliability of the mobile payments service might affect her condiment business.
“There were different numbers that weren’t registered — almost 30 unregistered numbers. Whatever happened to the SIM Card Registration Act?” Pokwang said.
Rose Gonzales, a member of a band performing on cruise ships, said her GCash account registered 50 unauthorized transactions of P2,000 each for a total of P100,000 in just three minutes.
“To those who think they’re being clever, there are no gambling apps linked to our account. We do not gamble. Not even on Google or any other platform. There are no subscriptions or anything like that. We are also on a ship, so we don’t have full access to the internet. We’ve never clicked on any link; we’re very careful about that,” she posted on Facebook.
Gonzales added each “money sent” notice registered two different numbers per transaction.
On Reddit, user EastTourist4648 claimed malicious actors were able to extract funds using GCash’s “send to many” option without a one-time password (OTP) or phishing links.
“All users who have been impacted by this incident with GCash overnight did not click on any links or provided any OTP. The matter is particularly alarming since GCash only allows one phone to be linked, making account takeovers very difficult,” the post read.
It added that OTPs and text messages were being intercepted, indicating a “catastrophic” security breach.
The “send to many” feature, which can send money to as many as 10 people, was disabled by the mobile wallet app as of press time.
Cybersecurity organization Deep Web Konek said the “send to many” glitch was first observed around 2 a.m. on Saturday.
In a brief statement, GCash said some users were affected by a “system reconciliation process” and that all accounts were safe.
“A few GCash users were affected due to errors in an ongoing system reconciliation process. This incident was isolated to a few users, and we assure our customers that their accounts are safe. We have identified and reached out to affected accounts. Wallet adjustments are ongoing,” it said.
A text message was sent to users who lost funds confirming the unusual activity.
“We have detected unusual transactions in your GCash accounts,” the message read.
Affected parties were urged to reset their mobile personal identification number immediately.
A notice on GCash’s official website advised users who noticed unauthorized transactions to check platforms where Cash is a linked payment method, change their MPIN, and report questionable transactions.
As of press time, the mobile payments service’s parent company, Globe Fintech Innovations Inc., was yet to issue an official statement.
Be the first to comment