GCash, the largest e-wallet platform in the Philippines, is suspected to have suffered a major data breach, with information on about 7 to 8 million users reportedly being sold publicly on a dark web forum. The leaked data covers user real-name information, financial account information, and identity document images from October 2019 to October 2025. The seller accepts payment in the privacy coin Monero, and the entire database is priced at $25,000. Currently, neither GCash nor its operating company G-Xchange Inc. has responded, and the National Privacy Commission (NPC) of the Philippines has not announced whether it will investigate. If the incident is confirmed, it will be one of the most severe financial data security incidents in the Philippines in recent years, with users facing high risks of identity theft, fraud, and illegal transactions.

Event Overview and Data Details
Recently, a post on a dark web forum advertised a large database claimed to be from GCash's operating company G-Xchange Inc., involving information on 7 to 8 million users and spanning from 2019 to October 2025. The leaked content includes user real-name information (name, address, occupation), GCash account numbers, linked virtual cards and bank data, as well as uploaded images of passports, driver's licenses, UMID, and other identity documents. As of the time of writing, the post is still on the dark web and has not been deleted.

Dark Web Sales and Trading Methods
The seller offers the data in the form of "original unsorted files," with a search function organized by date or account. Pricing is divided into three tiers: data for 20,000 users sold for $700, 200,000 records at $500 each (must be bundled in packs of 10), and the entire database priced at $25,000. Payment is accepted only in the privacy coin Monero (XMR), and the seller claims to "only deal with buyers they have cooperated with before" and strictly prohibits resale, indicating some established reputation history on the dark web.

Potential Risks and Current Responses
If the leak is confirmed, users may face serious risks such as identity theft, phishing scams, account theft, and involvement in illegal transactions. Currently, neither GCash nor G-Xchange Inc. has issued a statement, and the National Privacy Commission (NPC) of the Philippines has not responded on whether an investigation will be initiated. The incident has caused anxiety among user communities, with many calling for a prompt official response and fearing that trust in the Philippine fintech sector may be affected.

User Protection and Official Recommendations
It is recommended that GCash users immediately take the following protective measures: change account passwords and linked email addresses, disable suspicious automatic debit functions, treat unfamiliar SMS messages and links with caution to avoid leaking verification codes, and closely follow official announcements from GCash and the NPC to prevent account theft. Note that while financial losses may be recoverable, once personal identity information is leaked, the consequences may be irreversible.









