Saturday, February 4, 2023

Personal information of M’sians are put on sale, netizen raises concerns on Malaysia’s cybersecurity

Social NewsPersonal information of M'sians are put on sale, netizen raises concerns on...

Malaysia’s cybersecurity has once again come under the spotlight after a netizen found a website that allegedly contains personal details of Malaysians.

The existence of the website was highlighted by Twitter user @Radz1112 and it has allowed a person to searched by name, address, phone number, MyKad or military ID or date of birth.

The user also claimed that searching for someone via MyKad number will reveal the person’s full name, date of birth, gender and house address.

There is more information such as MySejahtera vaccination info, loans and credit card applications but they are hidden behind a paywall.

“OSINT (open-source intelligence) tools are common and they display easily accessible information like a person’s social media, but this is one of the few instances where I am seeing country-specific database leaks being compiled in a single spot,” the user wrote in a tweet.

He also said the website was found via a Google search and that the data might end up in the hands of those who could exploit it for financial gain or nefarious purposes.

However, as of the evening of 12 June, the website was blank. It appeared to have been taken down or rendered inactive, according to the Down.com URL checker.

Nonetheless, he advised the public to take the following precautionary steps to prevent those with ill intentions to harm anybody.

  • Remove your real name from your social media
  • Remove any indications of your birthday
  • Delete any pictures of your license plate
  • If possible, remove any indications of the state you were born in

The user said the website was a threat to the country’s national defence and the security of the public’s personal data.

According to The Star, the Malaysian Personal Data Protection Department (PDPD) has requested for the website to be blocked and it will be assisted by the Malaysian Communications and Multimedia Commission (KKMM).

Meanwhile, the Chairman of cybersecurity firm LGMS Bhd and cybersecurity consultant Fong Choong Fook, who analysed the website, said the website was likely created by Malaysians or people who were familiar with the local market.

“The data is specific to Malaysia and there is a page to inform users how to buy bitcoin locally to gain access to more information,” he said, adding that the website was likely to be created recently and the seller is charging as little as 50 cents (RM2.20) for a person’s mobile number.

It also has 3 other plans offering various levels of access.

“Though the website is labelled as an OSINT tool, in reality, it is actually a pirate site which was put together using stolen information,” he said.

Last month, it was reported that a national registration department (JPN) dataset that contains details of 22.5 million people, with birth years from 1940 to 2004, was on sale for nearly RM44,000 at a database marketplace forum.

Trending now

- Advertisement -

Subscribe to our newsletter!

Recommended for you