MCMC blocks ‘SayaKenaHack.com’


Not available: A screenshot of the landing page at ‘sayakenahack.com’ which has been blocked by the MCMC.

PETALING JAYA: The authorities have blocked SayaKenaHack.com.

Malaysian Communications and Multimedia Commission (MCMC) chief operating officer Datuk Dr Mazlan Ismail said this was done following an application from the Personal Data Protection Depart­ment under Section 130 of the Personal Data Protection Act 2010 for unlawful collection of personal data.

The Star ran a series of articles on a data breach that affected some 46.2 million subscribers. On Wednesday, it highlighted the discovery of another breach within the major breach.

Malaysians discovered that unknown mobile phone numbers were registered under their MyKad numbers when they logged into SayaKenaHack.com.

The website was created by IT expert Keith Rozario to help the public verify if they were part of the breach.

Rozario denied claims that Saya­KenaHack.com was a phishing website to obtain MyKad numbers.

He said it was illogical for him to do so as he already had the breached data, which was how he created the website in the first place for users to check their status.

“Also, I don’t keep logs of what hits the API (Application Programming Interface). I have Google Analytics on the page to keep track of how many users are on it but that’s it,” he said when contacted.

Rozario added that he structured the data so that it was all masked and scrubbed clean.

He believed that the dummy data input by a telco was present in the leaked database as entries such as 12345 and 112233445566 in the MyKad number field also yielded results.

Rozario clarified on his blog that on analysing the data, he noticed some account numbers belonging to strange names. He believed that this was the test data.

“You might not trust me, that’s fine,” Rozario said. “Honestly, typing your IC number into a dodgy website named SayaKenaHack isn’t the best idea in the world.

“But disclosures like this are an info security norm these days, and unfortunately if you want to see if your personal data was stolen, you have to give some of it to the person who’s checking.

“My blog has no adverts, and neither does SayaKenaHack. My reputation is worth more than the money that advertisements could ever bring in,” Rozario said.

A check by The Star showed that the database containing the personal data was easily available online via other channels.

Rozario spent more than 40 hours coding SayaKenaHack.com.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3

Science & Technology , hack , breach , mcmc

   

Next In Nation

Man who killed pet dog for a meal fined RM10,000
Singer Santesh Kumar lends voice to debate on death penalty
Reezal Merican: Sports should be colour-blind, actions of Johor school inappropriate
Dr Mah: School’s move to segregate sports racially not in line with Education Ministry aspirations
Dr Mah: 10% of teachers vaccinated against Covid-19
Covid-19: Five shuttlers test positive, Academy Badminton Malaysia shuts down
Durian trader claims cheated of over RM170,000 in investment scam
Fireworks worth over RM90,000 seized, three arrested in Senai
Tok Adis Ramadan bazaar ordered to close for violating SOP
Eight held over Raya-themed gambling ad

Stories You'll Enjoy


Vouchers