The data of more than 46.2 million mobile phone subscribers whose phone numbers were attached to Malaysian service providers has been leaked online. The leaks were originally spotted by tech website lowyat.net in October, which confirmed the leak details in a later report.
According to a Reuters report on the leaks, there was also an attempt made to sell the data on the dark web. Being that the Malaysian population is roughly 31 million people, the nation's entire population could have potentially been impacted by this data leak, Reuters reported.
So, what information is at stake here? According to lowyat's initial report, the data included personal user information, ID card numbers, mobile phone numbers, SIM card information, and addresses. Both postpaid and prepaid numbers were affected from providers such as Altel, Celcom, DiGi, Enabling Asia, Friendimobile, Maxis, MerchantTradeAsia, PLDT, RedTone, TuneTalk, Umobile, and XOX.
SEE: Information security incident reporting policy (Tech Pro Research)
In addition to the mobile data, databases belonging to the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA), and the Malaysian Dental Association (MDA) were also leaked, lowyat reported, with 81,309 total records at risk.
According to lowyat, service providers have not taken any action to mitigate the effects of the breach since it was first discovered on October 19. While it's up to the authorities to ultimately determine the source of the breach, lowyat encourage the providers to step up and do more.
"We are urging the telco and MVNO companies mentioned above to alert and start immediately replacing the SIM cards of all affected customers, especially those who have not updated their SIM cards since 2014," the lowyat report said. "While the leaked data alone isn't sufficient to clone the SIM cards, the information available can be exploited to initiate multiple social engineering attacks against affected users."
The investigation remains ongoing, but Malaysia's multimedia minister Salleh Said Keruak told reporters that several potential sources have been identified, and the government is working to finish its probe soon, Reuters reported.
Malaysian citizens and frequent travelers who may have a separate Malaysian phone number should remain cautious with the amount of sensitive data they transmit via their smartphone. Contact your mobile carrier in order to receive a replacement SIM card, and change any passwords you think may be impacted.
The 3 big takeaways for TechRepublic readers
- Some 46.2 million data records belonging to mobile users on Malaysian telcos were leaked, in an attack that was spotted and confirmed by website lowyat.net.
- Leaked data includes personal user information, ID card numbers, mobile phone numbers, SIM card information, and addresses, which could potentially affect all Malaysian citizens.
- Databases belonging to the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA), and the Malaysian Dental Association (MDA) were also leaked, putting 81,309 total records at risk.
- How to build a successful career in cybersecurity (free PDF) (TechRepublic)
- Malaysia data breach comprises 46.2M mobile numbers (ZDNet)
- Information Security Management Fundamentals (TechRepublic)
- Malaysia sets aside $16M for female entrepreneurs to go online (ZDNet)
- 10 mobile security myths that need debunking (TechRepublic)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.