Malaysians’ personal data allegedly being sold openly on the Internet (Update: Site is down)


Searching a person by the MyKad ID, for instance, will reveal the person’s full name, date of birth, gender and house address. — 123rf.com

Update: The website went into maintenance mode before it was taken down at about 6pm.

PETALING JAYA: Thanks to a string of data leaks, the personal information of Malaysians has been sold on the darknet in the past. However, now a website is allegedly selling the data on the publicly accessible Internet, or clearnet, collating information from multiple breaches.

The website, spotlighted by Twitter user @Radz1112 or “Cyber Guardian”, allows a person to be searched by details like name, address, phone number, MyKad or military ID or date of birth.

Searching a person by the MyKad ID, for instance, will reveal the person’s full name, date of birth, gender and house address, he said.

However, more detailed information, including MySejahtera vaccination info, loans and credit card applications, is hidden behind a paywall.

"OSINT (open source intelligence) tools are common and they display easily accessible information like a person’s social media, but this is one of the few instances where I am seeing country-specific database leaks being compiled in a single spot," Radzi1112 said.

He said the website is easily found via a Google search, and has the potential to put the data in the hands of many more bad actors who could exploit it for financial gain or other nefarious purposes.

Radz1112, who claims he dabbles in cybersecurity and other disciplines such as criminology, discovered the website while doing a search for local OSINT tools.

"Granted that some of the information is paywalled, you can still do some harm if you have access to the right information," he said.

He urged users to take steps to protect themselves, including removing personal details – real name, birth date, car licence plate and place/date of birth – from social media platforms.

Chairman of LGMS Berhad and cybersecurity consultant, Fong Choong Fook, said personal data is typically sold on the dark web, which grants anonymity and requires specific software to be accessed. It can’t, for instance, be accessed using a Chrome browser.

He added that as this data was published on clearnet, it can be easily taken down by authorities once they become aware.

Fong, however, is not surprised that personal data is now being sold on clearweb as there have been a series of data leaks in the country, and he felt this was bound to happen.

The government, he said, has yet to take action or announce the result of investigations into alleged data breaches involving its agencies.

"They should be more transparent and announce to the public the result of their investigations.

“What did they find? How did they conduct it? They should share who was involved and what the root cause was so that we can take precautions to protect ourselves," he said.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Samsung Electronics' union threatens first ever walkout next week
Uber to offer Seine cruises, day trips in Paris during Olympics rush
PwC to become OpenAI's largest enterprise customer amid genAI boom
Europe’s cybersecurity chief says disruptive attacks have doubled recently, sees Russia behind many
Does your Airbnb have hidden cameras? Here’s how to find them
Tencent’s marquee game generates over RM650mil in first week
Anger and debate online as China couple let daughter urinate near Thai palace, follows case of ‘Chinese tourists, please keep clean’ sign
New Hong Kong scams using bogus online customer service staff cheat people out of RM114mil in less than five months
Man livestreams his walk through grocery store looking for people to shoot, US police say
Nobel laureate Romer says AI hype risks repeat of crypto bubble

Others Also Read