Back to Breach Tracker
Unauthorized Access
HighConfirmed

West Visayas State University (WVSU)

A threat actor using the alias '7h3_Er4s3r' gained unauthorized access to multiple WVSU databases including the main campus database and file systems, exposing student and faculty records, credentials, and administrative documents.

June 1, 2025Iloilo City, Western VisayasUnknown records affected

Key Facts

Date of Incident
June 1, 2025
Date Discovered
June 1, 2025
Records Affected
Unknown
Source
Deep Web Konek
Data Types Exposed
Academic recordsPersonal informationAdministrative documentsUsernamesEmail addressesIP addressesAccess timestamps
Response / Action Taken

Deep Web Konek notified WVSU IT Department about the breach.

What Happened

Cybersecurity monitoring group Deep Web Konek reported that a threat actor using the alias "7h3_Er4s3r" gained unauthorized access to multiple databases at West Visayas State University (WVSU) in Iloilo City. The hacker provided screenshots as proof showing unauthorized access to database user account listings with associated metadata.

The compromised systems included:

  • WVSU_MAIN_Campus_DB_00 — the university's main campus database
  • WVSUfiles — the university's file storage system

Deep Web Konek assessed the situation and notified WVSU's IT Department about the breach.

Data Exposed

  • Academic records
  • Personal information of students and faculty
  • Administrative documents
  • User account credentials (full names, usernames, email addresses)
  • IP addresses and access timestamps

Why This Breach Is Significant

The compromise of both the main campus database and the file storage system indicates the attacker gained broad access to WVSU's core infrastructure. The exposure of IP addresses and access timestamps reveals user behavior patterns, and credentials exposure enables further unauthorized access if passwords are reused.

WVSU is one of the largest state universities in Western Visayas, serving thousands of students across multiple campuses. This breach follows a pattern of Philippine universities being targeted in 2025.

How to Prevent This

  1. 1.Secure database access — ensure all databases require strong authentication and are not accessible from the public internet
  2. 2.Implement network segmentation — separate the main campus database from file storage and other systems
  3. 3.Deploy intrusion detection — monitor for unauthorized database access patterns and alert on suspicious queries
  4. 4.Enforce strong password policies — require complex passwords and regular rotation for all database and system accounts
  5. 5.Conduct regular penetration testing — test all university systems for vulnerabilities at least annually
  6. 6.Implement MFA — require multi-factor authentication for all administrative and database access
  7. 7.Encrypt sensitive data at rest — ensure academic records and personal information are encrypted in the database

Sources & References

  1. [1]
    Deep Web Konek Alleged data breach hits West Visayas State University — hacker '7h3_Er4s3r' shared screenshots of unauthorized access
WVSUIloiloWestern Visayasdatabase accessDeep Web Konek