Back to Breach Tracker
Unauthorized Access
MediumResolved

Bulacan State University (BulSU)

Bulacan State University's student portal was breached by the Pinoy Grayhats group by exploiting outdated program coding. When administrators reached out, the group revealed noble intentions — exposing vulnerabilities to help schools secure their systems.

June 18, 2020Malolos, Bulacan, Central LuzonUnknown records affected

Key Facts

Date of Incident
June 18, 2020
Date Discovered
June 18, 2020
Records Affected
Unknown
Source
Manila Bulletin
Data Types Exposed
Student portal data
Response / Action Taken

BulSU administrators reached out to Pinoy Grayhats after the breach. The group cooperated and revealed their intent was to expose vulnerabilities, not to cause harm.

What Happened

On June 18, 2020, Bulacan State University's student portal (myportal.bulsu.edu.ph) was breached by the hacker group Pinoy Grayhats. The group exploited outdated program coding in the portal to gain unauthorized access.

When BulSU administrators reached out to the group, the Pinoy Grayhats revealed their noble intentions. As BulSU IT officer Reynaldo Gaspar Jr. told The Varsitarian:

> "Hindi naman nila ni-leak 'yong mga data [at] wala naman na-compromise, but they advised kung paano namin ise-secure 'yong system."

The group did not leak or sell data — they advised BulSU on how to secure their system. This is a hallmark of "gray hat" hacking: unauthorized access conducted not for malicious purposes, but to demonstrate real security weaknesses that schools had failed to address on their own.

How BulSU Responded

After the breach, BulSU took decisive action to upgrade its digital infrastructure:

> "Ang ginawa ng office namin, tinake-down muna, nag-offline muna 'yong system, then nag-upgrade ng new version para mas secure siya and nag-subscribe na kami ng Amazon Web Services (AWS)." — Reynaldo Gaspar Jr., BulSU IT Officer

BulSU learned to be proactive rather than reactive, establishing standard operating procedures and committing to regular code updates:

> "Hindi na namin inaantabayanan [na atakehin] kami. Bukod doon sa nag-subscribe kami sa AWS Cloud, lagi na kaming nagu-update ng aming programming na codings. We'll make it a point na kapag may bagong technology o nag-upgrade 'yong mga programming language ng version, magu-upgrade na rin kaagad kami."

This is exactly the kind of outcome that should happen after every breach — a school that turns a security incident into a catalyst for permanent improvement.

Broader Context

BulSU was one of over 20 Philippine schools hacked in June 2020. The Pinoy Grayhats, together with the Philippine Hacking University (PHU), had scanned school servers for vulnerabilities from May to June 2020, finding at least 20 schools with security weaknesses. Nine HEIs, including De La Salle University, Far Eastern University, and San Beda University, suffered sensitive data leaks from their student portals.

The group's approach highlights an uncomfortable truth: it often takes an outsider breaking in to make schools take security seriously. Many of the vulnerabilities they exploited — outdated code, unpatched systems, weak authentication — had likely existed for years.

In a separate incident in 2024, BulSU was also reportedly targeted by the hacking group HulkSec Philippines.

The Gray Hat Dilemma

While unauthorized access is illegal regardless of intent, gray hat hackers like the Pinoy Grayhats fill a gap that exists because most Philippine schools:

  • Have no bug bounty or responsible disclosure program
  • Lack the budget for professional penetration testing
  • Run on legacy systems that haven't been audited in years
  • Don't know their systems are vulnerable until someone breaks in

The better solution: schools should proactively assess their own security. The [Security Scorecard](/tools/security-scorecard) is a free starting point.

How to Prevent This

  1. 1.Keep all code and frameworks updated — outdated program coding was the specific entry point in this breach
  2. 2.Conduct regular vulnerability assessments — scan student portals for common vulnerabilities at least quarterly
  3. 3.Implement a Web Application Firewall (WAF) — to block common attack patterns
  4. 4.Use strong authentication — enforce MFA on all admin and staff accounts
  5. 5.Migrate to modern cloud infrastructure — BulSU's move to AWS Cloud is a model for other schools
  6. 6.Establish a responsible disclosure program — give security researchers a way to report vulnerabilities safely, so they don't have to break in to prove a point

Sources & References

  1. [1]
    Manila Bulletin Anatomy of a hack: How hackers breached vulnerable PH schools — BulSU referenced (July 1, 2020)
  2. [2]
    Secuna Blog More than 20 Philippine schools hacked just this June — BulSU listed among affected institutions
  3. [3]
    GitHub (ajdumanhug/gothacked) Registry of Philippine school hacking incidents — BulSU listed June 18, 2020 by Pinoy Grayhats
  4. [4]
    The Varsitarian Hacked here, hacked there: Investments needed to repel cyberattacks — details on Pinoy Grayhats' noble intentions after breaching BulSU
BulSUBulacanstudent portalPinoy Grayhatsgray hatoutdated codeCOVID-19 online learning