Personal data of millions of Malaysians up for sale, source of breach still unknown (UPDATED)
MALAYSIA’S internet regulator today ordered an online forum to remove news on a massive data breach involving millions of users, estimated to have taken place between 2012 and 2015.
The Lowyat website said the order from the Malaysian Communications and Multimedia Commission came after it reported that databases of Malaysians’ personal details, obtained from Jobstreet.com, the Malaysian Medical Association and the Malaysian Housing Loan Applications, among others, were being sold for bitcoins since late yesterday on its forums.
Read more on The Malaysian Insight. Now why did the regulator order that? Was it because the report of a massive breach was incorrect or is there some other reason? I could not find any statement on the regulator’s web site. Lowyat did remove their article and says they are waiting for an official statement from the regulator. In the meantime, I have no idea what to make of this all.
This is not looking good. Late yesterday, we received a tip off that someone was selling huge databases of personal details belonging to Malaysians on Lowyat Forums.
While we did brush it off as just another scammer looking to make a quick buck at first, we decided to dig a little further and discovered that this could be one of the biggest data breaches ever in Malaysian history.
What is up for sale – for an undisclosed amount in bitcoin is millions of personal data of Malaysians belonging to Jobstreet.com, the Malaysian Medical Council, the Malaysian Medical Association, Academy of Medicine Malaysia, the Malaysian Housing Loan Applications, the Malaysian Dental Association and the National Specialist Register of Malaysia.
Thats not all, the mother load however is customer data from a huge list of Malaysian Telcos, that include Altel, Celcom, DiGi, Enabling Asia, Friendimobile, Maxis, MerchantTradeAsia, PLDT, RedTone, TuneTalk, Umobile and XOX.
Read more on lowyat.net.