MANILA, Philippines – Hacked account or compromised system? Users of e-wallet platform GCash reported incidents of unauthorized transactions, with malicious actors "transferred their money while they were sleeping" on November 8-9, 2024.
The malicious actors used the "Send to Many" feature of GCash bypassing the security of the platform such as OTP, MPIN and link to one phone only.
Majority of the transactions happened in less than a minute or two to extract users' fund from their account. They pulled out money Php 2,000 at a time to two recipients per transaction.
Users said they did not click any link and there's no OTP from the platform.
As of press time, the Send to Many function of GCash is under maintenance.
UPDATE: GCash released statement addressing issues of missing funds of customers.
The company said they encountered errors in the ongoing system reconciliation but claims that the incident was "isolated to a few users."
The e-wallet company, meanwhile, assured their customers that their accounts are safe.
Read more: GCash blames system reconciliation, says errors impact ‘few users’
Earlier, GCash promised to refund the affected transactions within 24 hours.
"We have detected unusual transactions in your GCash accounts.
We are already investigating this matter. Rest assured that all affected transactions will be refunded within 24 hours.
As an added security measure, please reset your MPIN immediately. Thank you."
The financial application is a wholly-owned subsidiary of Mynt (Globe Fintech Innovations Inc.), which is in turn a partnership between Globe Telecom Inc., the Ayala Corp., and Ant Financial.
GCash is operated by G-Xchange Inc. and currently has over 79 million registered users.
— The Summit Express