Ziam Dev

GCash Data Breach: Millions of User Records Allegedly Sold on Dark Web

Key Takeaways

  • A massive GCash data breach allegedly exposed up to 7–8 million accounts, sold on a dark web forum.
  • Leaked info includes names, addresses, linked bank accounts, and even verified eKYC data with valid Philippine IDs.
  • The data was allegedly offered for up to $25,000, payable only via Monero cryptocurrency.
  • The seller claimed the data spans 2019–2025 and includes both merchant and basic GCash user records.
  • GCash has not confirmed nor denied the breach as of late October 2025.

Quick Gist (Taglish)

  • May kumakalat na GCash data breach sa dark web—umabot daw sa 7–8 million users ang apektado.
  • Kasama raw sa leak ang mga pangalan, address, bank links, at eKYC data gaya ng valid PH IDs.
  • Ibinebenta ito hanggang $25,000 (mga ₱1.4M) gamit ang Monero cryptocurrency.
  • Galing daw ang records mula pa 2019 hanggang 2025.
  • Wala pang opisyal na pahayag mula sa GCash tungkol sa isyung ito.

Alleged Massive Gcash Data Breach Dump Surfaces on Dark Web

A post on a dark web forum allegedly selling millions of GCash user records surfaced on October 25, 2025. The listing was made by a user with the handle Oversleep8351 who claimed to offer both merchant and basic GCash account data. It allegedly includes linked bank accounts, verified IDs, and other personal information from G-Xchange Inc., the operator of GCash.

The post carried a screenshot showing the GCash logo and a title labeled “G-Xchange GCash (GXCHPHM2XXX) User Infos.” According to the seller, the dataset contains around 7 to 8 million user records gathered between 2019 and October 2025.

Gcash Data Breach

What the Gcash Data Breach Allegedly Contains

Based on the forum description, the Gcash Data Breach information includes:

  • Account numbers (GCash or G-Xchange)
  • Linked accounts such as virtual cards and bank connections
  • eKYC records with names, addresses, and employment information
  • Scanned or digital copies of valid Philippine IDs used for KYC verification

The seller stated that the files were “unorganized,” which means potential buyers would have to manually sort and query them by account number or creation date. The post mentioned that the records were mixed together without proper grouping and would require technical cleaning before use.

How the Alleged Gcash Data Breach Sale Was Structured

The Gcash data breach was offered in bundles of 10,000 user records each. Prices allegedly started at $700 for 20,000 users. Larger bundles, such as 200,000 users, were priced at $500 per 10,000, while the complete database of 7 to 8 million records was offered for $25,000 or roughly ₱1.4 million.

The seller said that all payments must be made using Monero (XMR), a privacy-focused cryptocurrency. The listing also emphasized that only “existing buyers” from previous transactions could purchase, to maintain anonymity and trust.

Possible Risks for GCash Users

If confirmed, the Gcash Data Breach could be one of the most serious digital leaks in the Philippine fintech scene. The inclusion of eKYC data means that sensitive personal information such as government IDs, addresses, and employment details could be used for identity theft, phishing, or financial fraud.

Because GCash accounts are connected to banks and virtual cards, exposed data could allow cybercriminals to target users through social engineering or credential stuffing attacks. Even though the data may be “unorganized,” criminals can still cross-reference it with other leaked databases to build complete identity profiles.

No Official Confirmation Yet

As of October 26, 2025, there has been no official confirmation or takedown notice from GCash or its operator, G-Xchange Inc. The dark web post remains accessible on multiple mirrored forums.

Gcash Data Breach

According to cybersecurity researchers monitoring dark web marketplaces, it’s common for such sellers to exaggerate dataset size or reuse old leaks to attract buyers. However, several indicators — including the date range (2019–2025) and the mention of valid eKYC IDs — make this claim more concerning than typical scams.

One researcher noted that this could be “the largest alleged data leak involving a Philippine fintech company” if proven true.

What Users Can Do for Now

Although the GCash data breach remains unverified, cybersecurity professionals recommend taking precautions:

  • Change your GCash PIN and linked bank passwords immediately.
  • Monitor your account transactions daily for unauthorized activity.
  • Avoid clicking suspicious SMS or email links claiming to be from GCash.
  • Do not share your OTP even if the sender seems legitimate.

For those using GCash for business transactions, experts suggest reviewing linked virtual accounts and minimizing stored balance while the issue is unresolved.

This is not the first time GCash has faced questions about user data safety. Earlier breaches and scam incidents have raised concerns about how the e-wallet protects customer information.

Related Reads

Want to stay updated on trending PH issues?

Read more stories like this in HemosPH’s Current Issues section, where we break down real events shaping your money, data, and daily life in the Philippines.

Must Read

BIR Form 1701-MS
BIR Form 1701-MS Exists. The System to File It Electronically Does Not.
BSP cash withdrawal limit
BSP Cash Withdrawal Limit Doubles to ₱1 Million, But the Real Story Is the Policy It Corrects
BSP biometric authentication
BSP Biometric Authentication Has a Hardware Problem Nobody Is Talking About
4-day workweek order
The 4-Day Workweek Order Takes Effect Monday. Your Government Transactions Are Not Ready for It.
Get in Touch
Scroll to Top