Update: The website went into maintenance mode before it was taken down at about 6pm.
PETALING JAYA: Thanks to a string of data leaks, the personal information of Malaysians has been sold on the darknet in the past. However, now a website is allegedly selling the data on the publicly accessible Internet, or clearnet, collating information from multiple breaches.
The website, spotlighted by Twitter user @Radz1112 or “Cyber Guardian”, allows a person to be searched by details like name, address, phone number, MyKad or military ID or date of birth.
Searching a person by the MyKad ID, for instance, will reveal the person’s full name, date of birth, gender and house address, he said.
However, more detailed information, including MySejahtera vaccination info, loans and credit card applications, is hidden behind a paywall.
"OSINT (open source intelligence) tools are common and they display easily accessible information like a person’s social media, but this is one of the few instances where I am seeing country-specific database leaks being compiled in a single spot," Radzi1112 said.
He said the website is easily found via a Google search, and has the potential to put the data in the hands of many more bad actors who could exploit it for financial gain or other nefarious purposes.
Radz1112, who claims he dabbles in cybersecurity and other disciplines such as criminology, discovered the website while doing a search for local OSINT tools.
"Granted that some of the information is paywalled, you can still do some harm if you have access to the right information," he said.
He urged users to take steps to protect themselves, including removing personal details – real name, birth date, car licence plate and place/date of birth – from social media platforms.
Chairman of LGMS Berhad and cybersecurity consultant, Fong Choong Fook, said personal data is typically sold on the dark web, which grants anonymity and requires specific software to be accessed. It can’t, for instance, be accessed using a Chrome browser.
He added that as this data was published on clearnet, it can be easily taken down by authorities once they become aware.
Fong, however, is not surprised that personal data is now being sold on clearweb as there have been a series of data leaks in the country, and he felt this was bound to happen.
The government, he said, has yet to take action or announce the result of investigations into alleged data breaches involving its agencies.
"They should be more transparent and announce to the public the result of their investigations.
“What did they find? How did they conduct it? They should share who was involved and what the root cause was so that we can take precautions to protect ourselves," he said.