Take note, everyone! Your personal details may have been compromised and put up for sale in what is allegedly one of the biggest data breaches in Malaysia.
What happened?
Apparently, on October 19, Lowyat.net reported that they discovered someone was publishing an ad in the forum that they were selling off huge databases of Malaysians’ personal details to anyone interested and they even posted samples to prove that they have authentic data.
Source: Lowyat
After a little investigative work, they found that the person had the personal data of millions of Malaysians from various service providers that are used by practically every Malaysian. These sensitive data came from major job-seeking portals, medical associations, telcos and even housing loan applications.
So, is my personal information affected?
We don’t know whose data is inside but for an undisclosed amount of bitcoin, anyone interested could purchase up to 50 million records of customers’ details from various telcos. And this is very alarming because everyone uses a phone! The information includes details such as customer names, billing addresses, mobile numbers, sim card numbers, imsi numbers, handset models as well as IC numbers of customers.
Source: Lowyat
Practically the whole Malaysian population is affected as The Star reported that currently, about 46.2 million mobile phone subscribers’ information have likely fallen into the wrong hands. FYI, Malaysia only has a population of about 32 million!
These details are believed to be updated from 2012 to 2015. In an updated article, Lowyat.net says that they believe the breach happened in 2014. So, unless you only owned a mobile number after 2014, it is highly likely that your personal information is in the list too.
That’s not all, interested purchasers could also obtain 17 million rows of information that came from the job portal. The set of information is believed to have been updated from 2012 to 2013.
It contains sensitive data such as candidate’s name, login name, hashed passwords, email id, nationality, address and handphone number. You wouldn’t want anyone to have these details without your permission right?
There were two other sets of 20,000 and 62,000 data of doctors obtained from medical associations and 720,000 entries of housing loan applications.
OMG, something is being done, right?
It is not known how the data breach came about but yesterday, when Lowyat.net reached out to the Malaysian Communications and Multimedia Commission (MCMC) for a comment on this alleged data breach, they were ordered to remove the article while waiting for an official statement from MCMC.
Source: Afees Host
This action was met with backlash from various parties, including legal advocacy group Lawyers for Liberty (LFL) who said the action was “akin to shooting the messenger,” Malaysian Insight reported.
LFL executive director Eric Paulsen said, “Instead of shooting the messenger, MCMC should be more alarmed at the content of the report which should be MCMC’s primary concern, that is, the personal data security of the communications and multimedia industries and the prevention of online fraud.”
Source: The Hacker News
Paulsen also said that this was a rather harsh and undemocratic action from the MCMC. He added that the order was “an abuse of power and in breach of the government’s guarantee never to censor the internet under the Communications and Multimedia Act 1998 and MSC Malaysia’s bill of guarantees.”
Netizens also commented, “No wonder I have been receiving so many spam calls and messages. I kept wondering how on earth did they get my number. Didn’t know it was so easy.”
Some of the ways your personal information may be used against you is through phone and messaging scams. “Scammers pretend to be someone calling or texting from the telco since they can prove they have the target’s personal details,” network and security strategist Gavin Chow said. In a worst case scenario, your phone could be cloned!
What MCMC has to say:
The article has since been restored as MCMC has given permission and they released an official statement on their Facebook page. MCMC acknowledged that a data breach might have happened and is currently investigating this issue with the police.
Source: Facebook
“As a preventive measure, we have asked administrators of Lowyat.net to take down the said advertisement of the sale of information and the related article. They have complied with our requests and given their cooperation in taking down the advertisement and the related article.”
“MCMC urges all parties to not make any sort of speculation until the authorities have completed their investigation.”
Lowyat.net founder Vijandren Ramadass also said that all the necessary information has been given to MCMC. He also urged telcos to admit the breach and advised them on how to take precautions.
What can I do to protect myself?
The situation isn’t looking too good, folks and we’re not gonna lie. There’s not much you can do at the moment to protect yourself but there are a couple of precautionary measures to help you sleep better at night.
1. Go to your service provider and change to a new SIM card
2. Don’t give out any personal details over the phone and end the call immediately if you feel suspicious
3. Don’t simply transfer funds or install apps in your phone that could potentially be malware
4. Change your passwords and make them complex so that it is harder to hack. Pro tip: Don’t use an actual word in your password!
Hopefully this issue is resolved soon and our data remains protected!
Also read: MCMC Bans Access to Steam Because of ‘Controversial’ God Fighting Game
