By Nancy Carvajal
For a mere P30,000, the hacker behind the “Mark Nagoyo scam” was able to obtain thousands of email addresses and sensitive banking information used in breaching BDO Unibank’s database.
The National Bureau of Investigation Cybercrime Division found the list of email addresses in the computer of suspect Clay Sevilla Revillosa, who’s also known as “X-Men” in hacker circles.
Revillosa was among the five suspects arrested by the NBI in connection with the so called “Nagoyo” scam, which victimized around 700 BDO depositors.
“Among the data found in Revillosa’s computer were 800,000 email addresses containing confidential details of account owners,” said NBI Cybercrime Division chief Vic Lorenzo.
Lorenzo said the email addresses and data obtained by Revillosa were valuable to scammers.
“The scam begins with having a mailing list, because it becomes the reference of scammers in duping depositors,” he said.
Revillosa said he obtained bulk of the digital information for the “Nagoyo” hack for P30,000. However, he also told Bilyonaryo that there was a time when he sold a mailing list for as much as P1.5 million.
The suspect boasted about hacking into the databases of Jollibee and the Department of Environment and Natural Resources before he was caught by authorities.
An NBI insider said the bureau has been keeping tabs on Revillosa since 2016 but the “Nagoyo” hack caused his downfall.
“We’ve been on Revillosa’s trail for some years now because of his role in hacking and defacing various government and private websites,” the source said.
Revillosa and other suspects in the hacking of BDO’s database are facing charges for the violation of the Cybercrime Prevention Act.