Malaysians’ personal data allegedly being sold openly on the Internet (Update: Site is down)


Searching a person by the MyKad ID, for instance, will reveal the person’s full name, date of birth, gender and house address. — 123rf.com

Update: The website went into maintenance mode before it was taken down at about 6pm.

PETALING JAYA: Thanks to a string of data leaks, the personal information of Malaysians has been sold on the darknet in the past. However, now a website is allegedly selling the data on the publicly accessible Internet, or clearnet, collating information from multiple breaches.

The website, spotlighted by Twitter user @Radz1112 or “Cyber Guardian”, allows a person to be searched by details like name, address, phone number, MyKad or military ID or date of birth.

Searching a person by the MyKad ID, for instance, will reveal the person’s full name, date of birth, gender and house address, he said.

However, more detailed information, including MySejahtera vaccination info, loans and credit card applications, is hidden behind a paywall.

"OSINT (open source intelligence) tools are common and they display easily accessible information like a person’s social media, but this is one of the few instances where I am seeing country-specific database leaks being compiled in a single spot," Radzi1112 said.

He said the website is easily found via a Google search, and has the potential to put the data in the hands of many more bad actors who could exploit it for financial gain or other nefarious purposes.

Radz1112, who claims he dabbles in cybersecurity and other disciplines such as criminology, discovered the website while doing a search for local OSINT tools.

"Granted that some of the information is paywalled, you can still do some harm if you have access to the right information," he said.

He urged users to take steps to protect themselves, including removing personal details – real name, birth date, car licence plate and place/date of birth – from social media platforms.

Chairman of LGMS Berhad and cybersecurity consultant, Fong Choong Fook, said personal data is typically sold on the dark web, which grants anonymity and requires specific software to be accessed. It can’t, for instance, be accessed using a Chrome browser.

He added that as this data was published on clearnet, it can be easily taken down by authorities once they become aware.

Fong, however, is not surprised that personal data is now being sold on clearweb as there have been a series of data leaks in the country, and he felt this was bound to happen.

The government, he said, has yet to take action or announce the result of investigations into alleged data breaches involving its agencies.

"They should be more transparent and announce to the public the result of their investigations.

“What did they find? How did they conduct it? They should share who was involved and what the root cause was so that we can take precautions to protect ourselves," he said.

Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!
   

Next In Tech News

Explainer-What's at stake in Telecom Italia grid deal?
OpenAI's ChatGPT will 'see, hear and speak' in major update
Mercedes applies for tax relief for projects at two U.S. plants
Spotify tests voice translation feature for podcasts
Factbox-CD Projekt's rocky road from Cyberpunk 2077 to Phantom Liberty
Nissan says all new models coming to Europe will be fully electric
Exclusive-SEC collects Wall Street's private messages as WhatsApp probe escalates -sources
Apple supplier Pegatron halts iPhone assembly at India plant after fire
Why Microsoft CEO Satya Nadella says its Copilot AI assistant will be 'as significant as the PC'
OpenAI CEO says possible to get regulation wrong, but should not fear it

Others Also Read