Maxis says its system is unaffected after R00tk1t hacker group threatens to expose ‘treasure trove of customer data’


Maxis discovered a suspected incident of unauthorised access to a system belonging to one of its third-party vendors. — Maxis

PETALING JAYA: Maxis released a statement saying that it did not find any issues with its systems after the notorious hacker group R00tk1t claimed to have breached its infrastructure and threatened to expose a “treasure trove of customer data”.

However, it discovered a suspected incident of unauthorised access to a system belonging to one of its third-party vendors.

“Earlier today, Maxis received a report alleging a cybersecurity breach. We immediately launched an investigation to determine the validity.

“While we did not identify anything related to our own systems, we identified a suspected incident involving unauthorised access to one of our third-party vendor systems that resides outside of Maxis' internal network environment,” it said.

While it didn’t name the vendor, Maxis said it would be working with the company to investigate further and had also informed the relevant authorities.

“Our customers’ privacy and security are of the utmost importance to us, and our ongoing priority is a thorough assessment and containment,” it said in the statement.

“We will continue to provide necessary updates on developments,” it said, adding that additional defence measures are also being put in place to reduce any further risk.

In its Telegram group, R00tk1t posted three screenshots of what appears to be a database of users.

The screenshots do not include personally identifiable information (PII), but show other details like the type of user affected (home or SME), the model of a user's router or modem, and what appears to be a serial number for each line.

It remains to be seen if the hacker group has additional data that was excluded from the sample screenshots.

Judging from the screenshots, the data, if accurate, appears to belong to broadband users rather than mobile subscribers.

R00tk1t previously warned that it would be targeting the Malaysian Internet infrastructure on Jan 26.

On Jan 30, the group claimed to have breached Aminia, a local palm oil and network solutions company.

Aminia is also a provider of cloud services, Internet of Things (IoT) technologies, and networking equipment such as routers.

The post includes a screenshot of what appears to be a back-end dashboard belonging to the company.

Yesterday (Feb 4), it also claimed to have defaced and breached a local tutoring course website, YouTutor, and stolen a database containing 1,886 lines of user data. It included a zip file with an Excel sheet of the database.

The allegedly leaked database included PII such as full names, addresses, email addresses, phone numbers, MyKad numbers, and user IDs belonging to the company's staff, teachers, and students.
