MCMC blocks ‘SayaKenaHack.com’


  • Nation
  • Friday, 17 Nov 2017

Not available: A screenshot of the landing page at ‘sayakenahack.com’ which has been blocked by the MCMC.

PETALING JAYA: The authorities have blocked SayaKenaHack.com.

Malaysian Communications and Multimedia Commission (MCMC) chief operating officer Datuk Dr Mazlan Ismail said this was done following an application from the Personal Data Protection Depart­ment under Section 130 of the Personal Data Protection Act 2010 for unlawful collection of personal data.

The Star ran a series of articles on a data breach that affected some 46.2 million subscribers. On Wednesday, it highlighted the discovery of another breach within the major breach.

Malaysians discovered that unknown mobile phone numbers were registered under their MyKad numbers when they logged into SayaKenaHack.com.

The website was created by IT expert Keith Rozario to help the public verify if they were part of the breach.

Rozario denied claims that Saya­KenaHack.com was a phishing website to obtain MyKad numbers.

He said it was illogical for him to do so as he already had the breached data, which was how he created the website in the first place for users to check their status.

“Also, I don’t keep logs of what hits the API (Application Programming Interface). I have Google Analytics on the page to keep track of how many users are on it but that’s it,” he said when contacted.

Rozario added that he structured the data so that it was all masked and scrubbed clean.

He believed that the dummy data input by a telco was present in the leaked database as entries such as 12345 and 112233445566 in the MyKad number field also yielded results.

Rozario clarified on his blog that on analysing the data, he noticed some account numbers belonging to strange names. He believed that this was the test data.

“You might not trust me, that’s fine,” Rozario said. “Honestly, typing your IC number into a dodgy website named SayaKenaHack isn’t the best idea in the world.

“But disclosures like this are an info security norm these days, and unfortunately if you want to see if your personal data was stolen, you have to give some of it to the person who’s checking.

“My blog has no adverts, and neither does SayaKenaHack. My reputation is worth more than the money that advertisements could ever bring in,” Rozario said.

A check by The Star showed that the database containing the personal data was easily available online via other channels.

Rozario spent more than 40 hours coding SayaKenaHack.com.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Science & Technology , hack , breach , mcmc

   

Next In Nation

Najib allowed by court to file third-party notices against former SRC directors
Bella case: Court dismisses Siti Bainun's application for statements of prosecution witnesses
Selangor DOE detains three containers with ewaste from US, Spain
Slope collapse closes stretch of Jalan Tampin-Kuala Pilah-Manchis route
Op Saga: Over 200 arrested nationwide for illegal gambling during the World Cup, says Bukit Aman
Not being Cabinet Minister gives me more time to contribute, says Hishammuddin
RM600bil issue: MACC's probe to focus on RM92.5bil only
Govt committed to implementing climate actions, address climate change
Annuar among three divisional leaders sacked by Umno, says Ahmad Maslan
Construction industry struggling to keep up after second cement price hike, urge govt intervention

Others Also Read