“Fake” LTO website tries to hijack personal infos


The Land Transportation Office (LTO) warns motor vehicle owners and drivers’ license holders to only validate and verify their records using the official portal.

This after receiving reports that an online website lisensiya.info is allegedly trying to steal personal indentifiable information or sensitive information of motor vehicle owners and license holders.

“Ang lisensya.info website ay HINDI pinapatakbo o konektado sa ahensya ng LTO,” the agency posted on its official Facebook page.

In an online post of atom.hackstreetboys.ph it exposed that using the details found from Google, he tried the driver’s license authenticator feature of the lisensiya.info and it exposes the full name and expiration of the owner’s license.

Same goes when using the MV authenticator, the writer added. Using an information he found on Google, the author tried to enter the information and he was able to query and fetch the information of the owner of the motor vehicle. These are information that are not shown when inquring using LTO’s official portal.

The author said: “there is a security vulnerability that allows you to download the PUBLICLY-exposed git repository of the website.”

As of November 8, 6:07 am, there are 9,733 saved driver’s license and 18,703 saved MV File Number information on the developer’s server, atom.hackstreetboys.ph reported.

For everyone’s safety, LTO reminds the public not to share sensitive information usong unverified links.

The public are advised to transact and verify their information using the following official websites:

  1. Official LTO Website
  2. LTO Online Portal
  3. Official Facebook Pages