A technology website in Malaysia exposes that more than 67 million private citizen records were hacked and placed online for sale. The leak was discovered on their forum through an anonymous user’s post, claiming to have the private files on hand and wanting bitcoin from interested buyers.
Malaysia might be currently facing its most extensive private data leak in history. Lowyat, a Malaysian tech website, sounded the alarm about the possible hacking upon capturing photos of an anonymous post on their forum. The post was an advertisement of private data up for sale in exchange for bitcoins.
The gravity of the hacking was discovered upon further investigation, which sums up to more than 67 million. The data were said to be obtained from various websites, telecommunication firms, and even government agencies.
From the telecom companies alone, more than 50 million records were hacked, which included information such as names, addresses, SIM and IMSI numbers, and phone units owned. Altel, Celcom, Friendimobile, TuneTalk, and DiGi were among the companies that allegedly suffered from the data breach.
Jobstreet, one of the biggest job-hunting websites, had around 17 million data exposed.
The hacker also cyber-attacked government agencies like the Malaysian Medical Council and the Malaysian Housing Loan Applications. 20,000 medical records and 720,000 loan application records were stolen. Citizen data stored by the Nationalist Specialist Register of Malaysia was also said to be compromised, but there is no approximate figure mentioned as to how many were captured by the hacker.
Vijandren, a Lowyat administrator, assures the public that they are exhausting all possible means to keep their forum free from illegal sales such as this one. He also reiterated that selling of hacked personal data is a criminal offense and subject to legal punishment.
– Has massive set of stolen DB
– Casually try to sell it openly on the forum.
Not sure if fella clueless, ignorant or has balls of steel. https://t.co/c7UuAxXxNr
— Syefri Zulkefli (@chapree) October 19, 2017
Details on the alleged leak are still being verified, and it is still unknown how much money exactly is being demanded in exchange for the hacked records.
In the meantime, the Malaysian Communications and Multimedia Commission instructed Lowyat to remove the report from the internet. No official statement has been issued from the said regulatory body as of now.
This is not the only huge data breach that happened in Malaysia recently. Just last year in June, Kaspersky Lab, an anti-virus company, said that 2,100 servers were compromised. Information from the servers were also placed for sale online. This report was confirmed by the Malaysian national cybersecurity agency.