Malaysia Telco Hack – Corporations Spill 46 Million Records

The New Acunetix V12 Engine


The Malaysia Telco Hack has been blowing up in the news with over 46 Million Records being leaked including IMEI numbers, SIM card details, serial numbers and home addresses.

Malaysia Telco Hack - Corporations Spill 46 Million Records


This is an interesting one for me as I live in Malaysia, so this Malaysia Telco Hack was big news over here, especially seen as though from the numbers it looks to affect pretty much every single person in the country (and many more than once with a popular of 31 million).

It’s also a pretty big leak, even on the global scale with the recent large with other recent high-profile cases like Taringa hack being 27 million, Equifax hack at 143 Million or more and Time Warner Cable hack with a paltry 4 Million.

The personal data of millions of Malaysians has been swiped by hackers who raided government servers and databases at a dozen telcos in the southeast Asia nation.

Information on 46.2 million cellphone accounts was slurped from Malaysians telecoms providers. To put that in context, the population of Malaysia is 31.2 million; obviously, some people have more than one number.

The stolen telco records include people’s mobile phone numbers, SIM card details, device serial numbers, and home addresses, all of which are useful to identity thieves and scammers. Some 80,000 medical records were also accessed during the hacking spree, and government websites as well as Jobstreet.com were attacked and infiltrated, too, we’re told.

The Malaysian Communications and Multimedia Commission, along with the police, are probing the computer security breaches. DiGi.Com and Celcom Axiata are among the dozen compromised telcos assisting investigators.


The breach was first seen on LowYat.net a local technology forum, but the article was taken down very shortly afterwards by the Multimedia Commission of Malaysia (MCMC).

The data itself appeared on the darknet selling the files for an undisclosed amount of Bitcoin, which is a fairly normal thing to happen to leaked data although it seems the hack (or hacks?) took place some time in 2014.

The intrusions were first reported by Malaysian news site lowyat.net, which spotted, in the middle of last month, a mystery scumbag trying to flog the stolen data for Bitcoins.

Malaysian officials confirmed this week that nearly 50 million mobile phone account records were accessed by hackers unknown. The authorities also warned that people’s private data was stolen from the Malaysian Medical Council, the Malaysian Medical Association, the Academy of Medicine, the Malaysian Housing Loan Applications body, the Malaysian Dental Association, and the National Specialist Register of Malaysia.

It’s believed the systems were actually hacked as far back as 2014, The Star reported.

Incredible as it may seem there’s at least a couple of precedents for a huge chunk of the population of an entire country getting caught up in a database security breach.

Apart from telcos there appeared to be data from some other large Malaysian corporations including Jobstreet, the Malaysian Medical Council, Malaysian Housing Loan Applications, the Dental Association and some others.

And those were big too with the Jobstreet database alone having almost 17 Million rows of customer information including address and phone number for many people, which seemed to date back slightly further to 2012-2013.

The Malaysia Telco hack data included every major telco and MVNO in the country, Celcom, DiGi, Maxis, Umobile, Friendi, Tunetalk, Redtone, XOX, Altel, PLDT and EnablingAsia.

It’s very likely the data has been for sale for quite some time on the darknet markets, someone probably bought it cheaply as it’s quite old and exposed it by trying to make a quick buck on a clearnet forum.

Source: The Register

Posted in: Hacking News

,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


Comments are closed.