Malaysian

The Biggest Malaysian Data Breach In History And How It Affects You

Some of the biggest news spreading around lately has been about this massive data leak from a lot of Malaysian databases. Lowyat had previously reported that a user was seen selling Malaysians personal details on their forums.

These were all your personal details in the form of your names, addresses, and phone numbers, discovered to have been taken off various Malaysian databases such as from Jobstreet.com and the Malaysian Medical Council.

Not just that, over 40 million records from various telcos is up for sale—and in the form of names, billing addresses, mobile numbers, sim card numbers, IMSI numbers, handset models as well as IC numbers.

Basically, all customer data from a huge list of Malaysian Telcos such as Celcom, DiGi, Maxis, Umobile and more are out there in the open for everyone to see.

So Keith Rozario had set up a serverless site called sayakenahack.com for people to check whether or not their number is listed based on your IC number.

Keith very kindly put up this website for Malaysians to check if their details had indeed been part of the breach—not that we can do anything, but it’ll still be good to remain aware.

However, the link is not available at the moment as it has been blocked by MCMC, possibly due to the sheer amount of personal information it contains.

It is still possible for you to gain access by changing your DNS, which you can do so by following this guide here.

Screenshot of the website. / Image Credit: sayakenahack.com

So why is this a big issue? 

If they have our personal information, can they really do any serious damage apart from spamming people with calls?

After all, our accounts are password-protected, and any online purchases would need a TAC number sent to our phones for approval.

Unfortunately, each phone comes with an IMSI and IMEI number which is different for every one. Those numbers are used by hackers to clone your phone, which will then give them access to yours. They will then be able to track your calls, read your messages, and even use your number as their own.

Since they already have all your information, they won’t stop there—in fact, they could easily use your identity to commit frauds under your name.

Meaning these identity snatchers can open bank accounts in your name, use that to get loans, apply for special benefits and leave a mess of debt for you to stress over. Your squeaky-clean reputation will all be gone in a heartbeat.

Amongst the entire crisis, one burning question makes its way through:

Where did the data come from?

We know that it was forcefully obtained through multiple websites. According to Keith Rozario, there’re two possibilities:

“Someone hacked into individuals telcos and took it; or someone hacked a central source with all the data.”

There are many Telco companies in Malaysia; and from Lowyat’s data, can be seen that the database contains names from Celcom, Digi, Maxis, Redtone, XOX, and Altel. Frankly, if a hacker is already going after giant names like Maxis and Digi, why would they waste time stealing information from others like Altel?

It’s much easier and time-efficient to download information from one central database then attempting to hack into multiple sources.

So how does one stay safe in this era of with the ever-growing risk of online theft?

If you’re reading this article, then congrats on taking the effort to remain aware on the issue.

Or, if you’ve been hacked, what can you do next? 

The next step would be to monitor your credit cards and personal accounts carefully for any suspicious activity.

From the mass of information that is the Internet, it is now possible to have your SIM cards cloned as well. If you notice an increase of spam texts on your phone or any suspicious activity, contact your banks to temporarily freeze your account or get a new SIM card.

This vigilance applies should apply to phone calls too. Never ever release any of your information to any party asking for your account number or personal information. Be extra wary, and if possible, walk to said bank that claimed to contact you to verify if they indeed did try to reach out.

So there you have it. We don’t know yet how they did it; or why, maybe it was a one-off challenge. Maybe they did it just to mess with us.

But in the meantime, Malaysians are encouraged to stay safe, alert and aware; and be sure to not release any of your personal details more than necessary.

 

Subscribe to Vulcan Post Newsletter

Stay updated with our weekly curated news and updates.