Millions of Malaysian phone users’ personal data stolen, report says
KUALA LUMPUR — Home addresses and identity numbers, among other details of 46.2 million mobile phone subscribers, nearly the entire population of Malaysia, may have been compromised, local media reported on Tuesday.
It was believed to be the largest data breach in the country, local media said.
Online technology site lowyat.net said the hackers have the home addresses, identity card numbers, SIM card information and private details of almost the entire Malaysian population of 32 million. Many Malaysians have several mobile numbers.
The site confirmed that those numbers were leaked online, in a follow-up report on its Oct 19 alert that someone was trying to sell the data from a huge breach in 2014.
In addition, 81,309 records from the Malaysian Medical Council, the Malaysian Medical Association and the Malaysian Dental Association were also exposed, the tech site said.
Communications and internet regulator, the Malaysian Communications and Multimedia Commission, has said it is investigating the breach with the police.
The probe is being led by the Department of Private Data Protection, an agency under the Ministry of Communications and Multimedia.
Founder of lowyat.net, Vijandren Ramadass, said that the site’s team followed the online trail left by the individual who tried to sell the data and discovered that the information was already available for download for free.
“We have disclosed the complete details to the MCMC,” he said, adding that he believes telcos should admit the breach occurred and advise their customers on the next steps.
The MCMC has held meetings with local telcos to ensure that they are aware of the leak and will give full cooperation to investigators.
Cyber security analysts said the hackers could make Malaysia vulnerable to phone scam attacks.
“Scammers (could) pretend to be someone calling or texting from the telco since they can prove they have the target’s personal details,” network and security strategist Gavin Chow was quoted as saying.
Other users could be tricked into transferring their money or installing “telco applications” containing malware or spyware. These could be used to exploit the target in the future.
Chow said users need to be alert when receiving calls and messages from strangers. “Do not get tricked into sharing more personal details, transferring funds or installing apps.”
Dinesh Nair, a technology strategist, said there was not much that consumers could do. But they might want to change their SIM cards because the hackers have stolen IMSI and IMEI data — electronic identifiers unique to each phone which are embedded into a SIM card.
“I’m sure my data is there as well. People with really good technical skills will be able to clone someone’s phone and that’s the worst-case scenario,” he said.
Fragment Room employees smash bottles in a “rage room” in Singapore, in which customers can take out their stress on items such as bottles and televisions.