Massive data breach hits Malaysia as over 46 million sensitive records end up on Dark Web
The information leaked reportedly includes users' names, prepaid and postpaid phone numbers, addresses, customer details and SIM card data.
Malaysia has been hit with a massive data breach, as the records of over 46 million mobile phone number subscribers ended up for sale on the dark web. An unknown hacker is reported to have put up millions of sensitive records stolen from Malaysian telecoms and network operators for sale on the dark web. The data leaked includes users' names, prepaid and postpaid phone number, addresses, customer details and SIM card data.
The dark web also reportedly contained databases of over 80,000 compromised records from the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA) and the Malaysian Dental Association (MDA).
According to the Malaysian online news site Lowyat.net, the first to report about the data breach, the records came from a massive data breach thought to have occurred in 2014. According to local reports, the data of mobile number subscribers appears to have come from major local operators including, DiGi, Celcom, Maxis, Tunetalk, Redtone and Altel.
Malaysia has a population of around 32 million. This indicates the the leaked data may belong to people with multiple mobile numbers. The data could also contain older, inactive numbers and temporary ones bought by foreign nationals visiting the nation.
Lowyat.netfounder Vijandren Ramadass told The Star that it had handed over all the sample of the stolen data it had received from the hacker to the Malaysian Communications and Multimedia Commission (MCMC). According to the site, the data may have already been in circulation in underground forums and may have been successfully traded, before it was discovered.
It is still unclear how such a massive trove of data from what appears to be multiple sources came to be compromised and then put up for sale on the dark web. It also remains unclear as to what amount the hacker is allegedly charging in exchange for handing over the data. IBTimes UK has not independently verified the validity of the data allegedly up for sale on the dark web.