Database containing personal info of four million Malaysians allegedly being sold online

The database, 31.8GB in size, is being offered for sale for 0.2 BTC (RM35,350). —

PETALING JAYA: A netizen has raised the alarm on a database being sold online that purportedly contains the personal data of four million Malaysians.

The database, according to a tweet by Adnan Mohd Shukor, is claimed to contain details such as names, emails, mobile numbers and addresses, and is grouped by birth year from 1979 to 1998.

The data is claimed to be harvested from the National Registration Department (NRD) through the myIDENTITY API.

Adnan, an intrusion analyst, also tweeted that the 31.8GB file is being offered for sale for 0.2 BTC (RM35,350).

"I have a crawler running to monitor a few specific keywords. I got an alert yesterday morning and found this posting in a marketplace for database breaches and leaks," Adnan said in a phone interview.

Adnan said he has been on the lookout for this database, as it has been talked about by a number of sellers for the past few months.

"This is not the first time that such a database with details from NRD has leaked onto this marketplace.

“I believe this database is likely to be legitimate as I have sources who have said they have discovered similar findings," he claimed.

Adnan said he has informed the relevant parties about the discovery before going public on Twitter.

"I've reported previous findings before and felt that there was no progress. Instead, I got some disappointing responses.

“They were more concerned about how I found the database. As this is now public, I hope to see things change," he said.

Digital Forensics Research Society (DFRS) president Dr Aswami Fadillah Mohd Ariffin said “policies and technicalities” must address whatever incidences or cases happening on the ground.

“If not, digital transformation will not progress smoothly," he said.

Cybersecurity firm LGMS founder Fong Choong Fook said it's likely that the database is made up of information from past data breaches.

"I don't have access to the database, so what I can say is that the information can be found from various stashes on the Internet as we have suffered several rounds of data leak before," he said, pointing to the 2017 data leak involving 46 million mobile numbers as an example.

When contacted, CyberSecurity Malaysia, the national cyber security specialist agency under the purview of the Communications and Multimedia Malaysia Ministry, said it will not be issuing a statement for now, adding that the issue is under the jurisdiction of the Department of Personal Data Protection (JPDP).

NRD has yet to respond but said a statement will be released later.
Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Tech News

New technology offers anonymous way to report abuse, doping in the US
Siemens prepares separation of large drive business
Using the world’s first green steel to make a dump truck
Ford to invest around $300 million to build electric car parts at UK plant
Singapore billionaire and Ronaldo try to marry football and tech
Philips lowers outlook as recall, parts shortages bite
Foxconn bullish on electric vehicle prospects as it shows off three prototypes
Energy-stricken South Africa weighs need to save climate and keep lights on
Stellantis, LGES to form battery JV for North American market
Electric vehicle battery startup ONE backed by BMW, Gates-led firm

Others Also Read