Over 1 million DepEd-linked accounts found on the dark web, says Deep Web Konek

• Over 1 million DepEd-linked accounts were found compromised in a recent breach, according to Deep Web Konek’s monitoring. The affected accounts include 111,952 belonging to employees, 613,105 linked to third parties, and 293,768 from customers — many with weak or very weak passwords. (Deep Web Konek)

By TechWatch PH Staff

More than one million accounts linked to the Department of Education (DepEd) have been discovered in a recent cybersecurity incident, according to breach monitoring group Deep Web Konek.

The discovery, revealed through their ongoing deep web and dark web surveillance, raises concerns over the security of personal and institutional data connected to the country’s largest government agency.

The accounts, many of which reportedly belong to teachers, administrative staff, and other education personnel, were found in multiple databases traded and shared in cybercriminal forums.

While the breach’s original source remains under investigation, analysts from the group believe the compromised information may have been harvested by infostealer malware a malicious software designed to capture login credentials, personal data, and other sensitive information from infected devices.

Deep Web Konek’s monitoring flagged the DepEd-linked credentials as part of a broader pattern of Philippine government and educational institutions being targeted by cybercriminals.

The scale of this latest discovery highlights the growing threat of data breaches in the education sector, which often lacks the cybersecurity resources of private corporations.

In an interview, Elizze F. Serna, Division Head of the Breach Monitoring Team and Secretary General of Deep Web Konek, said the Department of Education must take urgent and targeted measures to address the situation.

“I believe the Department of Education should focus on combating infostealer malware, which largely fueled the scale of this problem,” Serna said. “We need to see more IT staff dedicated to active threat monitoring, stronger protections like multi-factor authentication, and regular reminders for teachers and students to avoid risky practices such as sharing personal information or installing cracked and modded apps that often carry these malware payloads.”

Cybersecurity professionals note that once stolen, credentials often circulate for years in underground markets, leaving affected users vulnerable to account hijacking, phishing attacks, and identity theft. The danger is heightened when accounts are tied to institutional email domains, as attackers can use them to impersonate employees and conduct further targeted attacks.

Serna also issued advice for individuals whose accounts may be among those compromised.

“If your account is affected, change your password right away and turn on two-step verification,” she advised. “Scan your phone or computer for viruses or malware. Be careful with emails or messages asking for your information. Report any suspicious activity on your account to your IT Department.”

While DepEd has not yet released an official statement on the matter, cybersecurity advocates are urging the agency to act quickly in notifying affected users, deploying preventive measures, and working with law enforcement and incident response teams to contain the threat.

Deep Web Konek’s findings add to a growing list of breaches affecting Philippine institutions in recent years, highlighting the urgent need for stronger cybersecurity protocols across both public and private sectors.

The group emphasized that without sustained and proactive measures, the education sector will remain a prime target for cybercriminal exploitation.