What Happened
On June 17, 2020, the Pinoy Grayhats hacker group gained unauthorized access to the student portal of the University of St. La Salle (USLS) at apps.usls.edu.ph in Bacolod City.
This breach was part of a coordinated campaign by Pinoy Grayhats and the Philippine Hacking University (PHU) community to expose security vulnerabilities in Philippine educational institutions during the rapid shift to online learning caused by the COVID-19 pandemic.
How the Attack Worked
The attackers exploited common web application vulnerabilities found across Philippine school portals:
- Missing or expired SSL certificates — leaving data transmissions unencrypted
- Weak authentication — admin credentials vulnerable to brute-force attacks
- Unpatched software — outdated CMS and web frameworks with known vulnerabilities
What Was Potentially Exposed
Student portals like USLS's typically contain:
- Student names, IDs, and contact information
- Academic records and grades
- Enrollment and financial data
Context
On the same day (June 17, 2020), Pinoy Grayhats also breached Far Eastern University, Cebu Normal University, Tarlac Agricultural University, ICCT Colleges, and AMA University — demonstrating the scale of vulnerabilities across Philippine schools.
Lessons for Schools
- 1.Ensure SSL certificates are current — expired certificates are a red flag that basic security hygiene is neglected
- 2.Implement strong authentication — enforce complex passwords and account lockout policies on all admin and student portals
- 3.Keep all software updated — apply security patches promptly for CMS platforms, web servers, and application frameworks
- 4.Conduct vulnerability assessments — regularly scan student-facing systems for known vulnerabilities
Sources & References
- [1]GitHub Registry — Community-maintained registry of Philippine school hacking incidents (May-June 2020)
- [2]Manila Bulletin — Anatomy of a hack: How hackers breached vulnerable PH schools (July 1, 2020)