A month ago, Lowyat reported news of “one of the biggest data breaches ever in Malaysian history” – compromising millions of Malaysians’ privacy. According to a tip off of the Lowyat forums, someone has been making an undisclosed amount in Bitcoins from selling databases of personal details. Lowyat also revealed that mobile numbers and IC numbers & addresses were being advertised on forums. The biggest damage came from a huge list of Malaysian Telcos, including Altel, Celcom, DiGi, Enabling Asia, Friendimobile, Maxis, MerchantTradeAsia, PLDT, RedTone, TuneTalk, Umobile, and XOX.
Because of this, Malaysians are questioning the capabilities of the country’s cybersecurity, seeing that the breach has allegedly happened since 2014.
Tech blogger and security expert, Keith Rozario, created a website called sayakenahack.com to enable Malaysians to check if their personal data is among the information that has been breached.
For now, more than 50,000 Malaysians have checked so far. The massive breach is believed to have happened in 2014 and involves the personal details of 46.2 million mobile subscribers in Malaysia.
A secretary found registered prepaid numbers linked to her that she has never applied for from that particular cellular service provider.
“I have always been using another telco and my only number is a supplementary line to my husband’s for almost 15 years now. I’m guessing my personal information was stolen to register that prepaid number,” she said.
An engineer who wished to be identified only as Tan, 36, was surprised to find three mobile numbers linked to him when he only has two.
Malaysian Communications and Multimedia Commission (MCMC) Network Security and Enforcement Sector Chief Officer Zulkarnain Mohd Yassin said it would most likely be a case of other people using another person’s identity to register. He advised mobile subscribers who have discovered this breach to check again with their service providers on accounts under their names and MyKad numbers.
“That stray number is not even one I used previously. How did someone else register a number using my details?” Tan questioned.
So, you must be thinking:
“What do I do if I’ve been breached?”
Well, the bad news is that there’s nothing you can do; once the information is out, it’s out. However, according to Keith Rozario, most people have changed their phones since 2014, so the IMEI numbers from 2014 are useless. Same goes to IMSI and SIM numbers.
UPDATE: According to Lowyat, sayakenahack.com is now officially blocked by the MCMC after it went viral among the public over the weekend. Keith Rozario, the creator of the site is allegedly clueless that his site has been blocked by the MCMC, and claims that the MCMC failed to inform him about the reasons why the site has been blocked on the internet.
In an attempt to still make the site available, Rozario made an alternative checking site although it doesn’t give any other information regarding what was breached, as it only allows you to check if your IC is in the database of the leaked information.
In order to access the original site, you need to have Google DNS enabled on your computer. If you don’t know how, just follow these simple steps to get it enabled.