Transparency International blasts Malaysian govt for apathetic reaction to data leaks
MalaysiaKini reports: Transparency International Malaysia (TI-M) has expressed deep concern over the recurring pattern of data leaks from Malaysian government agencies that are empowered and entrusted with personal data. “Media reports last week revealed that data from the voting portal MySPR was publicly on sale on the internet. It was also reported that the caretaker prime minister Ismail Sabri Yaakob had merely urged the Election Commission to probe the matter. Read more at MalaysiaKini (sub. req.)
Malaysian online stock brokerage firm victim of cyberattack
After what appears to be a brief hiatus from public activity, DESORDEN GROUP is back and has listed a stock brokerage firm, UOB KayHian, as a victim. According to a statement by DESORDEN to DataBreaches, the firm was attacked in October, and although the firm has read DESORDEN’s communications to them, they have not replied at all. DESORDEN’s post on a popular hacking forum claims that this breach involved 159,807 records of UOB Kay Hian Malaysia customers, including their full name, gender, religion, birthdate, nationality, IC number, passport, email, phone number, and address. Other data include their dealers, back office users, etc. DESORDEN claims they neither attempted to lock nor delete any of the firm’s files but focused on extracting data quickly. DataBreaches reached out to UOB KayHian to alert them that despite allegedly being notified of the breach by DESORDEN, UOB KayHian may still need to lock down all their data or change all their passwords. One file acquired by DESORDEN appears to contain first and last names, usernames, passwords, email addresses, and other information that might still permit access or successful phishing attempts. DataBreaches did ask UOB KayHian what they have done or are doing in response to this claimed breach, but no reply was immediately available. On October 18, the firm did post a notice on its website, Notice – UTRADE Security Advisory on Safeguarding Digital Privacy *NEW*. Was that in response to the breach? DataBreaches does not know. Nor does this site know whether UOB sent a copy of that notice to all customers or if it would do any good if they hadn’t also told them there had already been a breach. Hopefully, UOB KayHian will respond to this site’s inquiries and clarify these issues.
Malaysian Telecom RedOne hit by DESORDEN
On September 19, DESORDEN Group claims to have hit redONE Network Sdn Bhd. redONE is a telecom in Malaysia with more than 1.2 million subscribers. redONE also offers financial services via bank partnership (its redCARD program) and insurance services via insurer partnership (its redCARE program). According to statements made to DataBreaches by DESORDEN, when redONE didn’t respond to DESORDEN’s demands, DESORDEN launched a second attack on or about September 21, hitting their redCARD and redCARE programs. As DESORDEN wrote on a popular hacking forum: This data breach involved both redONE databases and source coding. Personal data include full name, NRIC (national identification number), address, phone, email, etc. As is their usual pattern, DESORDEN provided samples of data. In this case, there were samples from redONE, redCARD, and redCARE. All three samples included personal information on customers, and all three samples had fields for NRIC. DataBreaches ran some of the sample data through redONE’s site and confirmed that individuals whose NRIC appeared in the sample data from redONE do have or did have accounts with redONE. The ID checker page has since been taken offline by redONE, but an archived copy of the form as it appeared last year appears below. To verify that the data in DESORDEN’s sample were real, DataBreaches picked some random entries in the redONE sample, entered the NRIC in the “Identification No” field, and entered the captcha. For each NRIC tested, the redONE checker returned information on the customer’s Account ID, when the account was activated and when it terminated. Although DESORDEN has been just leaking some data recently rather than trying to sell it, they claimed that if they did not hear from redOne within 48 hours of their last email, the data will be posted for sale publicly. It has been about 24 hours or so since their last email. DataBreaches sent email inquiries to redONE yesterday to ask them if they would confirm or deny DESORDEN’S claims about the breach but has received no reply.
Customer data from hundreds of Indonesian and Malaysian restaurants hacked by DESORDEN
Hackers known as DESORDEN have hit another big Indonesian business. This time, their victim was BOGA Group, which operates more than 200 restaurants and outlets across Indonesia and Malaysia under brand names including Bakerzin, Pepper Lunch, Paradise Dynasty, Paradise Inn, Shaburi, Kintan Buffet, Onokabe, Putu Made, Kimukatsu, Yakiniku Like, Ocean 8, Sushi Kaiyo, and Boga Kitchen. Boga Group also operates Boga Catering, a premium catering service. More than 400,000 customer records and 16,000 employee records were acquired by the hackers. As is their usual style, DESORDEN provided proof in the form of samples drawn from the corporation’s .csv files. They also created a recording showing directories, opened files, documents and spreadsheets. The recording includes a message to their target: The highlighted portion of the recording reads: “To prove that DESORDEN has breached your servers, we have deleted the databases from your server after downloading them. In total, we have stolen over 31 GB of data and files from your network of servers. Check the facts with your IT department. These data include 409,168 information of your customers, with their name, phone, and email as well as 16,476 employees data, financial, and corporate data.” The numbers correspond to the rows displayed in the .csv files shown in the recording. When asked about the deletion of databases mentioned in their recording, DESORDEN replied, “They have backups. Delete is only for them to know we breached.” DataBreaches sent an email inquiry to BOGA Group about the attack. No reply has been received. In discussing this attack with DESORDEN in an online chat, DataBreaches pointed them to an article from The Jakarta Post about all the leaks and breaches appearing online. DESORDEN commented that the report did make a point. They say it is easy to go after smaller companies in Indonesia because most small companies have little or no security (an observation that applies to small companies worldwide). But DESORDEN also notes that these countries often have weak or no regulations imposing security standards or requiring notification in the event of breaches. “Countries like India, Malaysia, Indonesia, Thailand. We do not really expect responses from them. Informing them is only for courtesy,” DESORDEN told DataBreaches. “Selling their data is also as profitable. While it doesn’t fetch as much as victim paying, but a single job data can profit as much as $20,000 USD in sales of data easily.” DESORDEN has also recently been telling DataBreaches to expect more breaches in South Korea, Taiwan, Vietnam, and Japan and continuing interest in data from Thailand. The current market is looking for personal information from these countries, DESORDEN states, from “mostly Chinese buyers.”
Malaysian payment gateway platform iPay88 suffers data leak, card data may be compromised
Raymond Saw reports: If you typically use contactless payment methods, chances are that you’ve used iPay88 even without realising it. iPay88 is one of Malaysia’s biggest payment gateway platforms, providing point-of-sale solutions for plenty of merchants throughout Malaysia and the region. As such, it’s understandably quite worrying to know then that iPay88 has suffered a cybersecurity breach, and that customer card data may have been compromised. Read more at SoyaCincau. FreeMalaysiaToday reports that iPay88 has confirmed the breach and provides additional details.
Malaysian minister says amendments to PDPA in the works after repeated data breached
Yiswaree Palansamy reports: Communications and Multimedia Minister Tan Sri Annuar Musa today said that several amendments to Act 709 of the Personal Data Protection Act (PDPA) 2010 are in the pipeline to strengthen the law, after a series of personal data breaches in the country this year. […] “For information, among the proposed amendments would involve, among others firstly, mandating all data users to appoint a data protection officer, secondly, introduction of data breach notification to mandate all data users report data breach to a PDPA officer within a 72-hour period. Read more about other proposed amendments to Malaysian law at MalayMail.
Malaysian POS provider StoreHub almost exposed one million customers in data leak
Aaron Raj reports: Another day, another data leak report in Malaysia. Data leaks and breaches are becoming so rampant in Malaysia that there is news about them almost every week in the local media. Now, almost a million customers have had their data leaked in what may be an industry-impacting incident. According to a report by SafetyDetectives, their research team discovered a critical data leak affecting Malaysian point of sale (POS) and management software provider, StoreHub. The report stated that the exposed data was stored on StoreHub’s Elasticsearch server located in Singapore that was left open without any password protection or encryption. Read more at TechWire, and do note StoreHub’s response to the claims.
Malaysia: Govt must be transparent, outcome of alleged data breach probe must be made public
Zarrah Morden reports: Transparency International Malaysia (TI-M) today expressed concern over the alleged data leaks and sale of personal data belonging to Malaysians and urged the government to publicly disclose the results of police investigation into the matter. […] It also suggested that legislators study what is lacking in existing legislation, leading to solutions that strengthen the existing legal framework surrounding personal data protection. It then recommended a more robust cybersecurity system be put in place to avoid the recurrence of such data breaches. TI-M was referring to a report by Lowyat.net which stated that the National Registration Department’s (NRD) dataset containing information of all Malaysians born between 1940-2004 was being sold on an online database marketplace forum. Read more on Malay Mail. In a related OpEd at The Malay Reserve, Datuk Seri Akhbar Satar, President of the Malaysian Association of Certified Fraud Examiners, provides more details about the breach and other big breaches involving Malaysian’s personal information. He writes, in part: In Malaysia, there is a need to raise the knowledge, skills and capability across all members of the Royal Malaysia Police, Malaysian intelligence agencies and Cybersecurity Malaysia. The Malaysian Armed Forces have set up cyber warfare regiment to strengthen cyber defence. Law enforcement agencies, regulators and ethical hackers should form a task force with Cybersecurity Malaysia and acquire capabilities pertaining to deep web analysis. This is to enable the task force to effectively conduct investigations and continuous monitoring to effectively curb cybercrime activities to ensure a safer, secure cyberspace for the public and ensure it remains immune to cyberattacks.
Data leak containing info of 22.5 million Malaysians not from NRD, says Hamzah
Mazwin Nik Anis reports: The alleged data leak containing information of 22.5 million Malaysians is not from the National Registration Department (NRD), says Datuk Seri Hamzah Zainudin. The Home Minister said there was a mechanism in place which could prove that the leaked information did not come from the department. Read more at TheStar.
Another Malaysia carrier allegedly hacked and data exfiltrated — Skynet
Desorden Group, who recently claimed to have successfully breached ABX Express, has contacted DataBreaches.net to report yet another logistics firm breach. This time, the claimed victim is Skynet.com.my. Skynet is a carrier company in Malaysia that provides domestic and international carrier services. Desorden Group provided DataBreaches.net with proof of claim — a video taken showing Skynet’s folders, and some of the files within the folders. One file included 10,000 airwaybill records, while another .csv file contained information on 3,600 employees. Personal information in the files included names, date of birth, account numbers, phone numbers, address, email addresses, encrypted passwords but also passwords in plaintext, and more. A message included with the video to Skynet reads: THIS IS DESORDEN GROUP. WE HAVE HACKED AND BREACHED SKYNET.COM.MY SERVERS FOR 3 WEEKS AND STOLEN MAJORITY OF THE DATABASES, RANGING FROM CORPORATE, FINANCIAL TO CUSTOMER PERSONAL DATA. WE KNOW YOUR IT DEPARTMENT HAS DISCOVERED THE DATA BREACH ON 27TH SEPTEMBER 2021 AND CLOSED ONE OF THE MANY VULNERABILITIES WHICH WERE USED TO BREACH YOUR SERVERS. HERE IS A VIDEO RECORDING OF YOUR FILES AND DATABASES FOR VERIFICATION. According to Desorden Group, the breach involves millions of Malaysian customers’ data. And as with the ABX Express breach, Desorder claims that Shopee and Lazada customer data is caught up in the breach. Lazada had never responded to DataBreaches.net’s inquiries about the ABX Express, and DataBreaches.net has now reached out to them again to ask what they are doing in response to these claims. Kerry Logistics never responded to the ABX Express breach, and this site has reached out to them again, too. DataBreaches.net has also reached out to Cybersecurity Malaysia to see what they can tell us about their efforts to deal with the rising cybercrime in the business sector. A popular forum where Desorden Group had posted notices about their databases, is not reachable this morning on clearnet, but is reachable on Tor. Whether there is any connection between specific posts on that forum and what is going on is unknown. In recent months, the forum has listed a number of hacks or leaks from ASEAN countries, including some very large firms. Last month, threat actors known as ALTDOS reported that some of their servers had been taken down by their host, but they did not know at whose request or under what legal process. Desorden posted the Skynet incident within the last 12 hours to the same forum ALTDOS has used to list its hacks and leaks. And then the forum was no longer reachable…? Is the forum being down on clearnet related to all the recent uptick in posts from Malaysia and other ASEAN countries or is this a coincidence? DataBreaches.net will be watching the situation. Updated 11:55 am: RaidForums is back online on clearnet.