As reported on an article by Dageeks of a rumor that Garena had to let go majority of it’s employees and the closure of it’s Philippine office, the local gaming community began to speculate what had really happened but several individuals, mostly former employees, came out with their testimonies on what was really going on inside the Garena PH office.

This can mean a lot of things in the local gaming industry as e-sports and game publishing has been struggling these past few years due to reasons like failed hype of relaunched games, manpower, and even interference from the Philippine Government by slapping policies that was deemed unfair just like the mandatory drug testing of international e-sports athletes, among others.

In this series of articles regarding the closure of the Philippine operations of Garena, we will cite several reasons of what we think are the collective fallout that caused the closing of the Garena PH operations. Some of these are actual conversations with former employees and they will not be named for their own safety. For all we know, they were asked to keep quiet about what had really happened inside the company.

Do take note that these articles are mostly opinionated because we will have to actually have to hear what Garena has to say.

Where it all began

According to a former employee, it all started a couple of weeks before Globe Conqueror’s Manila. Garena suffered a cyber security breach which caused Garena clients to be infected with a Cryptomining javascript virus.

Looking at it in a cyber security perspective in line with the Data Privacy Act, Garena did not disclose any details regarding this breach but there are some individuals claiming that this was an inside job: a rouge employee who injected Cryptomining javascript code into the Garena clients.

If this is true, this can be penalized by law according to Republic Act 10173, Section 29, which focuses on Unauthorized Access or Intentional Breach.

Unauthorized Access or Intentional Breach. – The penalty of imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who knowingly and unlawfully, or violating data confidentiality and security data systems, breaks in any way into any system where personal and sensitive personal information is stored. – Republic Act 10173 a.k.a Data Privacy Act of 2012

Garena did not disclose anything about an internal hack and they have assured that no personal information was compromised. But with further speculation, it’s really hard to believe that they’re saying there are no such damage because of the magnitude of this security breach. If they are indeed hiding something, they themselves could be penalized.

Concealment of Security Breaches Involving Sensitive Personal Information. – The penalty of imprisonment of one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons who, after having knowledge of a security breach and of the obligation to notify the Commission pursuant to Section 20(f), intentionally or by omission conceals the fact of such security breach. – Republic Act 10173 a.k.a Data Privacy Act of 2012

According to a separate report from TrendMicro last 2015, League of Legends clients has been affected by a totally different malware called PlugX, which allows remote users to perform malicious and data theft routines on a system without the user’s permission or authorization. The compromised releases were traced back to Garena but mostly reported in Singapore and Taiwan.

Looking at the awareness and the attitudes of local computer shops here in the Philippines and your regular peenoise gamers when it comes to cyber security, they probably didn’t care and had no idea that they have been compromised as well though the TrendMicro report didn’t say anything about Philippine users. But regardless of that fact, Garena has shown incompetence in security their platform and their users.

If only the local government caught wind of this even if Garena closed their Philippine office, for sure they will be slapped with lawsuits and heavy fines. So right now, we are speculating that this is one of the things they are trying to get away with quietly through the lowkey shutdown of their Philippine operations.

Extent of Liability. – If the offender is a corporation, partnership or any juridical person, the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime. If the offender is a juridical person, the court may suspend or revoke any of its rights under this Act. If the offender is an alien, he or she shall, in addition to the penalties herein prescribed, be deported without further proceedings after serving the penalties prescribed. If the offender is a public official or employee and lie or she is found guilty of acts penalized under Sections 27 and 28 of this Act, he or she shall, in addition to the penalties prescribed herein, suffer perpetual or temporary absolute disqualification from office, as the case may be. – Republic Act 10173 a.k.a Data Privacy Act of 2012

The extent of the liability of the company in regards to the security of their service goes beyond of what we can comprehend as of the moment but this is something to ponder about. Again, we still haven’t heard a proper drawer statement from Garena about the lay offs and the closing of their Philippine office and that is one of the missing links as to what had really happened.

We are still working on connecting the dots with primary sources and we will have a follow up article on this.