close
close

Anomalous withdrawal of GCash | The Manila Times

Anomalous withdrawal of GCash | The Manila Times

SEVERAL netizens took to social media on Saturday to complain about alleged unauthorized withdrawals from their GCash accounts.

Veteran comedian Pokwang said her GCash account has been drained.

“I try to make an honest living and provide work for single mothers. I woke up one morning and my GCash account was empty,” Pokwang wrote in Filipino on Instagram on Saturday.

She added that the withdrawal was linked to 30 different numbers, noting that the unreliability of the mobile payment service could affect her seasoning business.

“There were various numbers that were not registered — almost 30 unregistered numbers. What happened to the SIM Card Registration Act?” Pokwang said.

Get the latest news


delivered to your mailbox

Subscribe to The Manila Times newsletters

By registering using an email address, I confirm that I have read and agree to the Terms of Service and the Privacy Policy.

Rose Gonzalez, a member of a band that performed on cruise ships, said her GCash account registered 50 unauthorized transactions of P2,000 each, totaling P100,000 in just three minutes.

“For those who think they’re smart, we don’t have gambling apps attached to our account. We don’t gamble. Even on Google or any other platform. No subscriptions or anything like that. We are also on a ship. , so we don’t have full access to the internet, we’re very careful about that,” she wrote on Facebook.

Gonzalez added that each message to send money registers two different numbers per transaction.

On Reddit, user EastTourist4648 claimed that attackers were able to obtain funds using GCash’s “send to many” option without a one-time password (OTP) or phishing links.

“All users affected by this overnight GCash incident did not click any links or provide OTPs. The case is particularly alarming because GCash allows you to link only one phone, which makes it very difficult to take over the account,” the post reads.

He added that one-time passwords and text messages were intercepted, indicating a “catastrophic” security breach.

The “send to many” feature, which can send money to up to 10 people, has been disabled by the mobile wallet app at the time of publication.

Cyber ​​security organization Deep Web Konek said the “send to many” failure was first noticed around 2 a.m. on Saturday.

In a brief statement, GCash said some users were affected by a “system reconciliation process” and that all accounts are safe.

“Several GCash users have been affected by errors in the ongoing system reconciliation process. This incident was isolated to multiple users and we assure our customers that their accounts are safe. We have identified the affected accounts and are contacting them. Wallet adjustments are ongoing,” – the message says.

Users who lost funds were sent a text message confirming the unusual activity.

“We have detected unusual transactions in your GCash accounts,” it said.

The affected parties were urged to immediately reset their mobile identification number.

A message on the official GCash website advised users who noticed unauthorized transactions to check platforms where cash is the associated payment method, change their MPIN and report suspicious transactions.

As of press time, the mobile payment service’s parent company, Globe Fintech Innovations Inc., has yet to issue an official statement.