MCMC blocks ‘SayaKenaHack.com’


Not available: A screenshot of the landing page at ‘sayakenahack.com’ which has been blocked by the MCMC.

Not available: A screenshot of the landing page at ‘sayakenahack.com’ which has been blocked by the MCMC.

PETALING JAYA: The authorities have blocked SayaKenaHack.com.

Malaysian Communications and Multimedia Commission (MCMC) chief operating officer Datuk Dr Mazlan Ismail said this was done following an application from the Personal Data Protection Depart­ment under Section 130 of the Personal Data Protection Act 2010 for unlawful collection of personal data.

The Star ran a series of articles on a data breach that affected some 46.2 million subscribers. On Wednesday, it highlighted the discovery of another breach within the major breach.

Malaysians discovered that unknown mobile phone numbers were registered under their MyKad numbers when they logged into SayaKenaHack.com.

The website was created by IT expert Keith Rozario to help the public verify if they were part of the breach.

Rozario denied claims that Saya­KenaHack.com was a phishing website to obtain MyKad numbers.

He said it was illogical for him to do so as he already had the breached data, which was how he created the website in the first place for users to check their status.

“Also, I don’t keep logs of what hits the API (Application Programming Interface). I have Google Analytics on the page to keep track of how many users are on it but that’s it,” he said when contacted.

Rozario added that he structured the data so that it was all masked and scrubbed clean.

He believed that the dummy data input by a telco was present in the leaked database as entries such as 12345 and 112233445566 in the MyKad number field also yielded results.

Rozario clarified on his blog that on analysing the data, he noticed some account numbers belonging to strange names. He believed that this was the test data.

“You might not trust me, that’s fine,” Rozario said. “Honestly, typing your IC number into a dodgy website named SayaKenaHack isn’t the best idea in the world.

“But disclosures like this are an info security norm these days, and unfortunately if you want to see if your personal data was stolen, you have to give some of it to the person who’s checking.

“My blog has no adverts, and neither does SayaKenaHack. My reputation is worth more than the money that advertisements could ever bring in,” Rozario said.

A check by The Star showed that the database containing the personal data was easily available online via other channels.

Rozario spent more than 40 hours coding SayaKenaHack.com.

Related stories:

IT experts: Brace for more weird calls

Listen up, these mics are not to be bought

IGP: We’ve strong leads on personal data breach

Science Technology , hack , breach , mcmc