Hacked personal details of millions of Malaysian citizens allegedly for sale online
Malaysian technology website Lowyat reported the files were offered for sale by an unknown user of its forums.
The personal data of "millions" of Malaysian citizens has reportedly been listed for sale online in what could potentially be the biggest information leak in the country's history.
According to Malaysian technology website Lowyat, which has published screenshots of the exposed citizen data, an unknown seller was caught advertising the leak on its forums.
Upon investigation, the website's team reportedly found it contained data linked to a slew of different websites and telecommunications companies.
They allegedly include: Jobstreet, the Malaysian Medical Council, the Malaysian Housing Loan Applications and the National Specialist Register of Malaysia.
Communications firms were named as Altel, Celcom, Friendimobile, TuneTalk, DiGi and more.
IBTimes UK has not independently verified the leaked information at the time of writing.
Lowyat reported that one of the databases – from Jobstreet – contained 17 million rows of user data, including names, hashed passwords, addresses and phone numbers. Some data was seemingly from 2012-13. The Medical Association cache allegedly contained 20,000 records.
The website claimed a database of loan application records – including names, employer details, salary figures and email addresses – had 720,000 entries.
The biggest trove was reportedly collated from the slew of telecommunications companies – with 50 million customer records featuring names, handset descriptions, addresses, sim numbers and IMSI numbers from 2012-15. The hacker is reportedly seeking bitcoin for the files.
It remains unclear, however, how much money the full list of information is being advertised for. IBTimes UK has contacted the Lowyat team to clarify more details on the leak.
The Lowyat administrator – under the name Vijandren - wrote: "While we have taken all efforts to ensure that illegal sales like this is removed from our forums, we are also aware that the same data is being peddled across a number of other online channels.
"Please be reminded that the sale of stolen data is strictly prohibited and punishable by law.
"The Malaysian Communications and Multimedia Commission we believe have been alerted to this issue and will be taking strict action against those found guilty of selling or buying such data."
In June 2016, Malaysia's national cybersecurity agency confirmed a report from anti-virus company Kaspersky Lab, which found access to 2,100 hacked servers in the country being sold online.
The news comes days after a huge leak of information from South Africa, with up to 60 million citizen records leaking online under mysterious circumstances.