Investvine-31 Oct 2017

The personal details of some 46.2 million mobile number subscribers in Malaysia have been leaked through a breach which is believed to be the largest that has ever occurred in the country, The Star reported, referring to a revelation by online forum and news site Lowyat.net earlier this month.

The leak includes postpaid and prepaid numbers with customer addresses and identity card numbers as well as SIM card details from all major operators including DiGi, Celcom, Maxis, Tunetalk, Redtone and Altel, which means that the private details of almost the entire population may have fallen into the hands of hackers.

While Malaysia’s population is only around 32 million, many have several mobile numbers and the list is also believed to include inactive numbers and temporary ones bought by visiting foreigners.

With this leak, Malaysians may be vulnerable to social engineering attacks and in a worst-case scenario, phones may be cloned, the report warned.

Inspector-General of Police Mohamad Fuzi Harun said an investigation into the hack is being conducted by the police’s Commercial Crime Investigation Department.

“We are working with the Malaysian Communications and Multimedia Commission as this case is quite complicated since it involves telecommunication service providers,” he said, adding that “so far, we cannot reveal much as it is still ongoing. We are collecting information as to how the numbers and details were leaked.”

Lowyat.net also wrote that a total of three databases belonging to the Malaysian Medical Council, Malaysian Medical Association and Malaysian Dental Association have also been leaked. These medical databases include personal information, MyKad, phone numbers, as well as work and residential addresses.

On October 19, the news site reported that personal data of millions of Malaysia were up for sale on the Internet and that the source of the breach was still unknown.